PUP.Gamehack.HQE

Analysis Report

General information

Family Name: PUP.Gamehack.HQE
Signature status: No Signature

Known Samples

MD5: a4ff6471f4d184d5596dafc8afd928d0
SHA1: 6e3884a974fe58dab5cff74d884fb5d903cc983b
SHA256: DEAEB961BA4BF1C863886759320D464A91DB15E48EB20D98E543F5363FE79F89
File Size: 541.58 KB, 541582 bytes

MD5: 244eecb27e3ff4bdfc188a1c957e4f6d
SHA1: 5ea5a7aa6f284e3e1a33aed8dd5b2f7d4b05e145
SHA256: E2413D028FB60A7AADC12B8A6392DEE6A48F3B14A70FACC6E7520C7791A7E103
File Size: 386.05 KB, 386048 bytes

MD5: 731ddae971f26bc1c5b992ce1e8ce9f5
SHA1: 17aa50cc04e64a3822af43570c6ead14a637aca7
SHA256: 97023C5454B598314958373288094BC14F550031A38DA7AB426E88509DF518D2
File Size: 2.40 MB, 2398208 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Synaptics
File Description Synaptics Pointing Device Driver
File Version 1.0.0.4
Product Name Synaptics Pointing Device Driver
Product Version 1.0.0.0

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x86

Similar Families

  • Gamehack.HQE

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcx8189.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\qpydz9n.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l4\23\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_17aa50cc04e64a3822af43570c6ead14a637aca7_0002398208 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_17aa50cc04e64a3822af43570c6ead14a637aca7_0002398208 Synchronize,Write Attributes
c:\windows\[crack-soft.net].cmd Generic Write,Read Attributes
c:\windows\[crack-soft.net].cmd Synchronize,Write Attributes
c:\windows\[crack-soft.net].exe Generic Write,Read Attributes
c:\windows\[crack-soft.net].exe Synchronize,Write Attributes
c:\windows\[crack-soft.net].ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\__tmp_rar_sfx_access_check_153183218 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data, not printable) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data, not printable) RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Other Suspicious
  • AdjustTokenPrivileges
Service Control
  • OpenSCManager
  • OpenService
Process Terminate
  • TerminateProcess
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

(NULL) C:\Windows\[crack-soft.net].cmd
WriteConsole:
WriteConsole: C:\Windows>
WriteConsole: [crack-soft.net]
WriteConsole: -i
WriteConsole:
C:\Windows\[crack-soft.net].exe [crack-soft.net].exe -i
WriteConsole: Global Injector v1.0
WriteConsole:
WriteConsole: 09216990 001758 SysMain -> Install: CreateService failed with 87!
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5ea5a7aa6f284e3e1a33aed8dd5b2f7d4b05e145_0000386048.,LiQMAxHB
runas c:\users\user\downloads\._cache_17aa50cc04e64a3822af43570c6ead14a637aca7_0002398208
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
