HackTool.Win32.GameHack malicious file

HackTool.Win32.GameHack is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the HackTool.Win32.GameHack virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

Related domains:

example.org
ipv4only.arpa
detectportal.firefox.com

How to identify HackTool.Win32.GameHack?

File Info:

name: 09F2A06ABC577EC8307A.mlw
path: /opt/CAPEv2/storage/binaries/39ee1cc5247622f432735170494cf097dbf8e44a48df8d314149241d92d0009e
crc32: 0D69F357
md5: 09f2a06abc577ec8307aedd6b3defb2f
sha1: ba5b4d6d7bcb886f3c600cc0f359a874fba8085b
sha256: 39ee1cc5247622f432735170494cf097dbf8e44a48df8d314149241d92d0009e
sha512: 719d64d79c62813e129638dc2f0cae88c6e2b50c786dcdd214f59bcc7575f43b573228933036fcc0ac67fee0902ebd7a19e1e0d52fd3bedfe0f427ad72840139
ssdeep: 98304:UcV1dKGAujvn8ynYKw4f7U9FUJq99/BON3DKbMqEreYa:U2KGAujv1YKrq63DKbSKV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16F368D127742C171E4E722F4169DA335567DBCE0072062D3A3DAA6FE9F682D0BD3364A
sha3_384: 531dfd766b06e3f176a255ac5288512c8cb5f3478985ee34e305af419a95d5c28ca5635223181d3ca4ec133ba1e63f58
ep_bytes: 68a0164000e8eeffffff000000000000
timestamp: 2021-11-22 16:02:06

Version Info:

Translation: 0x0409 0x04b0
CompanyName: PB
ProductName: PB
FileVersion: 1.00.0267
ProductVersion: 1.00.0267
InternalName: UPDATE ZEPO
OriginalFilename: UPDATE ZEPO.exe

HackTool.Win32.GameHack is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Doina.22126
  • FireEye: Generic.mg.09f2a06abc577ec8
  • CAT-QuickHeal: Trojan.IgenericPMF.S22494482
  • ALYac: Gen:Variant.Doina.22126
  • Cylance: Unsafe
  • CrowdStrike: win/malicious_confidence_80% (W)
  • Cybereason: malicious.abc577
  • Cyren: W32/Trojan.WCLG-8459
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/GameHack.FJC potentially unsafe
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Zusy-9883587-0
  • Kaspersky: HEUR:HackTool.Win32.GameHack.gen
  • BitDefender: Gen:Variant.Doina.22126
  • Avast: Win32:DropperX-gen [Drp]
  • Ad-Aware: Gen:Variant.Doina.22126
  • Sophos: Generic ML PUA (PUA)
  • McAfee-GW-Edition: BehavesLike.Win32.PWSAxespec.rh
  • Emsisoft: Gen:Variant.Doina.22126 (B)
  • GData: Gen:Variant.Doina.22126
  • Avira: TR/Dropper.Gen
  • MAX: malware (ai score=80)
  • Antiy-AVL: Trojan/Generic.ASMalwS.3464B4F
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Generic.R427509
  • McAfee: GenericRXAA-AA!09F2A06ABC57
  • Malwarebytes: Malware.AI.3350695336
  • Tencent: Malware.Win32.Gencirc.10cf85f0
  • Yandex: Riskware.Agent!vdKPnDS2FeI
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • BitDefenderTheta: Gen:NN.ZexaF.34294.buW@aG9eFDfi
  • AVG: Win32:DropperX-gen [Drp]
  • Panda: Trj/Genetic.gen

How to remove HackTool.Win32.GameHack?

HackTool.Win32.GameHack removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.