PUA:Win32/GameHack (file analysis)


PUA:Win32/GameHack is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the PUA:Win32/GameHack virus do?

  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify PUA:Win32/GameHack?

File Info:

crc32: CCB9B4DD
md5: 61259dc1ab8a6973c236717bf8e17c48
name: Bioshock-Infinite-v1.1.25.5165-Plus-15-Trainer.exe
sha1: 33f9826d06cbe842b88cdc4b62ab7f7007530462
sha256: 4aed63db45d25cc61acc94369f60c841c9f4252b86f88b4760b259f1ab552474
sha512: 91d530eb73a428dfc1aa1ecf53eef93b5c5bea7e1abbdfb59c18939ebcf3c5239cb915e6936c7cd40a131882f885432aeca514d6f9ff6d1c3fb1ab4f1119e0dc
ssdeep: 24576:8hYYkuR9utM2DSjxb2O45iMVnn+4KFJqsCBh56+mdG:7uRHVxD6PVQS5HqG
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 风灵月影 (FLiNG@3DMGAME) Copyright (C) 2016
InternalName: Bioshock Infinite v1.1.25.5165 Plus 15 Trainer
FileVersion: 1.0.0.1
CompanyName: 3DMGAME
ProductName: Bioshock Infinite v1.1.25.5165 Plus 15 Trainer
ProductVersion: 1.0.432.0
FileDescription: FLiNG@3DMGAME Presents - Bioshock Infinite v1.1.25.5165 Plus 15 Trainer
OriginalFilename: Bioshock Infinite v1.1.25.5165 Plus 15 Trainer.exe
Translation: 0x0000 0x04b0

PUA:Win32/GameHack is also known as:

CAT-QuickHeal: Trojan.IGENERIC
McAfee: GenericRXAA-AA!61259DC1AB8A
Malwarebytes: RiskWare.GameHack.Generic
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Unwanted-Program ( 004fdd5f1 )
K7GW: Unwanted-Program ( 004fdd5f1 )
Invincea: heuristic
ESET-NOD32: a variant of Win32/GameHack.AUM potentially unsafe
Paloalto: generic.ml
Alibaba: HackTool:Win32/Generic.3497c952
Rising: Trojan.Wacatac!8.10C01 (CLOUD)
Comodo: ApplicUnwnt@#21pnp4dh6y1rh
Zillya: Trojan.GameHack.Win32.1706
McAfee-GW-Edition: BehavesLike.Win32.Injector.tc
Fortinet: W32/GameHack.AUM
Trapmine: malicious.moderate.ml.score
Sophos: Generic PUA DD (PUA)
SentinelOne: DFI – Suspicious PE
Webroot: Pua.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.BTSGeneric
Endgame: malicious (high confidence)
Microsoft: PUA:Win32/GameHack
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H0CJL19
Yandex: Riskware.Agent!
Ikarus: Trojan.Win32.Agent
eGambit: Generic.Malware
GData: Win32.Trojan.Agent.BSROAZ
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_80% (D)
Qihoo-360: HEUR/QVM41.2.DB55.Malware.Gen

How to remove PUA:Win32/GameHack?

PUA:Win32/GameHack removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
