PUP.Gametool.PDB

Analysis Report

General information

Family Name: PUP.Gametool.PDB
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: crosire
File Description: d3d8to9
File Version: 1.13.0.0
Legal Copyright: Copyright © 2015. All rights reserved.
Original Filename: d3d8.dll
Product Name: ReShade
Product Version: 3.0.0

File Traits

  • dll
  • fptable
  • HighEntropy
  • imgui
  • No Version Info
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 2,599
Potentially Malicious Blocks: 259
Whitelisted Blocks: 2,042
Unknown Blocks: 298

Visual Map

Per-block classification map (0 = probable safe block, ? = unknown block, x = potentially malicious block); map data truncated in this report.

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Shell Execute
  • CreateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9554eb874c9046de34ddf1ec82674f4cca0ff222_0000491520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\44a0d4e32280d717b6e1872febe877782573afac_0000622080.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c650080425db259fb522e20660dfee81c3565d0c_0001069056.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1c86629ff38a730c2205d19a632c19954c0d4d21_0001070592.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aee852a114a3842a4cae21c49fb7caa926837427_0000823808.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fbc4a390171ab36ecfceb87aa2c8d46182a74eac_0001101824.,LiQMAxHB