Windows Analysis Report
SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe

Overview

General Information

Sample name: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Analysis ID: 1467091
MD5: 58a7d9b0cc94e95f3e89f6bb112c3275
SHA1: f3fd93fcdd0b7595e19e4c20731439e243a87426
SHA256: 62404758252b994da1b60c819fa8cbf1b6a884cd001939479a90ba4c52585363
Tags: exe

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe ReversingLabs: Detection: 44%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 95.0% probability
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dynam\Downloads\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb33 source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Source: Binary string: C:\Users\dynam\Downloads\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Source: Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAE268 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,CloseHandle,CloseHandle,terminate, 0_2_00007FF712FAE268
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA2AE0 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,memset,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, 0_2_00007FF712FA2AE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAD960 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,VirtualFree,_stricmp,VirtualFree,VirtualFree,_invalid_parameter_noinfo_noreturn, 0_2_00007FF712FAD960
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA9330 0_2_00007FF712FA9330
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAE268 0_2_00007FF712FAE268
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA2AE0 0_2_00007FF712FA2AE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA3CF0 0_2_00007FF712FA3CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAD960 0_2_00007FF712FAD960
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA27A0 0_2_00007FF712FA27A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAC3C0 0_2_00007FF712FAC3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA1800 0_2_00007FF712FA1800
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FACA10 0_2_00007FF712FACA10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: String function: 00007FF712FA5910 appears 83 times
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe, 00000000.00000000.1657624031.00007FF712FB1000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe, 00000000.00000002.1659699986.00007FF712FB1000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Binary string: Unknown exceptionbad array new lengthstring too longbad cast\\\.\Nal[-] \Device\Nal is already in use.[<] Loading vulnerable driver, Name: [-] Can't find TEMP folder[-] Failed to create vulnerable driver file[-] Failed to register and start service for the vulnerable driver[-] Failed to load driver iqvw64e.sysntoskrnl.exe[-] Failed to get ntoskrnl.exe[-] Failed to ClearPiDDBCacheTable[-] Failed to ClearKernelHashBucketList[!] Failed to ClearMmUnloadedDrivers[<] Unloading vulnerable driver[!] Error dumping shit inside the disk[+] Vul driver data destroyed before unlink[-] Failed to translate virtual address 0x[-] Failed to map IO space of 0x[!] Failed to unmap IO space of physical address 0xMmAllocatePagesForMdl[!] Failed to find MmAlocatePagesForMdlMmMapLockedPagesSpecifyCache[!] Failed to find MmMapLockedPagesSpecifyCacheMmProtectMdlSystemAddress[!] Failed to find MmProtectMdlSystemAddressMmUnmapLockedPages[!] Failed to find MmUnmapLockedPagesMmFreePagesFromMdl[!] Failed to find MmFreePagesFromMdlExAllocatePoolWithTag[!] Failed to find ExAllocatePoolExFreePool[!] Failed to find device_object[!] Failed to find driver_object[!] Failed to find driver_section[!] Failed to find driver name[!] Failed to read driver name[!] Failed to write driver name length[+] MmUnloadedDrivers Cleaned: ExAcquireResourceExclusiveLite[!] Failed to find ExAcquireResourceExclusiveLiteExReleaseResourceLite[!] Failed to find ExReleaseResourceLiteRtlDeleteElementGenericTableAvl[!] Failed to find RtlDeleteElementGenericTableAvlRtlLookupElementGenericTableAvl[!] Failed to find RtlLookupElementGenericTableAvlxxxxxx????xxxxx????xxx????xxxxx????x????xx?x
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Binary string: \Device\Nal
Source: classification engine Classification label: mal56.winEXE@2/1@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6868:120:WilError_03
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Section loaded: kernel.appcore.dll
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe API coverage: 2.4 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAE6B8 GetLastError,IsDebuggerPresent,OutputDebugStringW, 0_2_00007FF712FAE6B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FA9330 SetUnhandledExceptionFilter,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,__std_fs_code_page,memcmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF712FA9330
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAF4FC SetUnhandledExceptionFilter, 0_2_00007FF712FAF4FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAF350 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF712FAF350
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAEBB8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF712FAEBB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF712FADFB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe Code function: 0_2_00007FF712FAF568 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF712FAF568
No contacted IP infos