Concrete signature match: PUA for 32-bit Windows platform, family GameHack
PUA:Win32/GameHack is a Microsoft Defender detection name for a potentially unwanted application: a game-hacking tool (cheat, trainer, injector or similar). The match is a string signature built from PEHSTR/PEHSTR_EXT rules, and the strings listed below come from several distinct tools rather than one program. One group belongs to 32-bit kernel-mode drivers: WDK free-build PDB paths under `GameHack\RegDriver`, `GameHack\HookDllDriver` and `GameHack\Driver` (`\objfre\i386\` is the WDK release build directory for an x86 target, which matches the Win32 platform tag), a `\DosDevices\` log path, and references to `ntoskrnl.exe` and `KeServiceDescriptorTable`, the pointer to the System Service Descriptor Table that 32-bit ntoskrnl exports and that a driver patches to hook system calls. Several of the accompanying `.dll` names read as reversed Pinyin (`naixuhz` reversed is `zhuxian`, `gnolnait` is `tianlong`, `ijougiemnaw` is `wanmeiguoji`), consistent with per-game hook modules for Chinese MMOs. Other groups are user-mode DLL injectors and loaders (`SazInjector.exe`, `DllInjector`, `BCZINJECTNEW.pdb`, `CG_Loader.pdb`, `SRU_Internal_Loader`), trainer and cheat distribution sites (`FLiNGTrainer.com`, `indocheat.xyz`, `bruh.games`), strings from a tool that shuts Steam down before it runs (`Steam will close...`, `steamwebhelper.exe`), and a Roblox script-execution exploit (`exploit-main.dll`, `\\.\pipe\WeAreDevsPublicAPI_Lua`, Lua `os.execute`/`os.remove`/`os.rename`). The `!#HSTR:` entries appear to be references to shared Defender string sub-signatures (hooking, scheduled tasks, BITS jobs, rundll32/regsvr32/mshta launching, PowerShell, file deletion) rather than literal strings. The risk rating follows from the kernel component: a driver that patches the service table runs with full kernel privilege, a faulty hook crashes the system, and the patched table affects every process on the machine, not just the game.
Relevant strings associated with this threat:

- `&GameHack\RegDriver\objfre\i386\Reg.pdb` (PEHSTR)
- `gnaixnauhqq.dll` (PEHSTR)
- `niluw.dll` (PEHSTR)
- `naixuhz.dll` (PEHSTR)
- `\DosDevices\c:\name.log` (PEHSTR_EXT)
- `GameHack\` (PEHSTR_EXT)
- `KeServiceDescriptorTable` (PEHSTR_EXT)
- `KeServiceDescriptorTable` (PEHSTR)
- `.GameHack\HookDllDriver\objfre\i386\hookdll.pdb` (PEHSTR)
- `#GameHack\Driver\bin\i386\mssock.pdb` (PEHSTR)
- `atgnehz.dll` (PEHSTR)
- `bauhgnem.dll` (PEHSTR)
- `duygnef.dll` (PEHSTR)
- `ijougiemnaw.dll` (PEHSTR)
- `iqaixnaij.dll` (PEHSTR)
- `taijoad.dll` (PEHSTR)
- `sauhad.dll` (PEHSTR)
- `jemnaw.dll` (PEHSTR)
- `nadgnohiac.dll` (PEHSTR)
- `gnolnait.dll` (PEHSTR)
- `qlihzouhgnfe.dll` (PEHSTR)
- `utiemnaw.dll` (PEHSTR)
- `\GameHack\` (PEHSTR_EXT)
- `\objfre\i386\` (PEHSTR_EXT)
- `ntoskrnl.exe` (PEHSTR_EXT)
- `code\new\GameHack1216my\RegDriver\objfre\i386\Reg.pdb` (PEHSTR_EXT)
- `.hygame8888.cn` (PEHSTR)
- `/c8c_ini/startup.` (PEHSTR)
- `\drivers\etc\service3.ini` (PEHSTR)
- `\startup1.exe` (PEHSTR)
- `/ExeIni/c8cConfig2_run.txt` (PEHSTR)
- `\HWID.txt` (PEHSTR_EXT)
- `PointBlank.exe` (PEHSTR_EXT)
- `//indocheat.xyz` (PEHSTR_EXT)
- `TrayIcon.cpp` (PEHSTR_EXT)
- `PSAPI.DLL` (PEHSTR_EXT)
- `FLiNGTrainer.com` (PEHSTR)
- `bbs.3dmgame.com` (PEHSTR)
- `)flingtrainer.com/tag/monster-hunter-world` (PEHSTR)
- `SHDocVwCtl.WebBrowser` (PEHSTR)
- `SazInjector.exe` (PEHSTR_EXT)
- `SazInjector.Resources.resources` (PEHSTR_EXT)
- `Assembly System.Reflection` (PEHSTR_EXT)
- `Emalar\Visual Studio\CG_Loader\CG_Loader\obj\x86\Release\CG_Loader.pdb` (PEHSTR)
- `DllInjector` (PEHSTR_EXT)
- `D:\All ProJect\INJECT BCZ EDIT NEW\Release\BCZINJECTNEW.pdb` (PEHSTR_EXT)
- `@Steam.exe` (PEHSTR_EXT)
- `steamwebhelper.exe` (PEHSTR_EXT)
- `Software\Valve\Steam` (PEHSTR_EXT)
- `Steam will close...` (PEHSTR_EXT)
- `steamui.dll` (PEHSTR_EXT)
- `zepetto.online` (PEHSTR_EXT)
- `vipenjoyers.xyz` (PEHSTR_EXT)
- `vvipegn.com` (PEHSTR_EXT)
- `http://bruh.games/internal/sru/SRU_Internal_Loader.exe` (PEHSTR_EXT)
- `http://bruh.games/internal/sru/SRU_Internal.dll` (PEHSTR_EXT)
- `SRU_Internal_Loader.pdb` (PEHSTR_EXT)
- `https://wearedevs.net` (PEHSTR)
- `Release\exploit-main.pdb` (PEHSTR)
- `roblox.com` (PEHSTR)
- `\\.\pipe\WeAreDevsPublicAPI_Lua` (PEHSTR)
- `exploit-main.dll` (PEHSTR)
- `rbxassetid://` (PEHSTR)
- `os.execute` (PEHSTR)
- `os.remove` (PEHSTR)
- `os.rename` (PEHSTR)
- `taskkill /f /im explorer.exe` (PEHSTR_EXT)
- `\INF\cum4.bat` (PEHSTR_EXT)
- `!#HSTR:StringCodeForMshta.A!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.C!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.D!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.L!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.O!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForRegsvr32.A!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForRundll32.A!pli` (PEHSTR_EXT)
- `rundll32` (PEHSTR_EXT)
- `!#HSTR:StringCodeForBITSJobs.A!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForPowerShell.G!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForScheduledTask.A!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForDataEncoding.D!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.J!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.K!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForRemoteFileCopy.B!pli` (PEHSTR_EXT)
- `!#HSTR:ExecutionGuardrails` (PEHSTR_EXT)
- `!#HSTR:StringCodeForFileDeletion.A!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForHooking.M!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForNetshHelperDLL.A!pli` (PEHSTR_EXT)
- `!#HSTR:StringCodeForRemoteServices.A!pli` (PEHSTR_EXT)
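As an added example (this is not Microsoft's signature engine and not code from any of the tools the detection covers), the scorer below approximates how a PEHSTR-style rule works: plain strings are searched in a file's bytes, each hit contributes a weight, and the file matches when the total crosses a threshold. The weights, the threshold, the descriptive tags, and the check for UTF-16LE copies of each string are assumptions made for this illustration; the strings themselves are a subset of the list above. The byte blobs it scans are constructed samples, not real files.

```python
"""PEHSTR-style weighted string scoring (illustrative, not Defender's engine)."""
from typing import Dict, List, Tuple

# (string, weight, what the hit indicates). Strings are from the signature
# dump; the weights and tags are assumptions for this example.
SIGNATURE: List[Tuple[bytes, int, str]] = [
    (b"KeServiceDescriptorTable", 4, "SSDT hooking (kernel driver)"),
    (b"ntoskrnl.exe", 1, "kernel image reference"),
    (b"\\objfre\\i386\\", 1, "WDK free build, x86 driver"),
    (b"GameHack\\", 2, "project path"),
    (b"\\DosDevices\\c:\\name.log", 2, "driver-side log file"),
    (b"DllInjector", 2, "DLL injection"),
    (b"SazInjector.exe", 2, "DLL injection"),
    (b"\\\\.\\pipe\\WeAreDevsPublicAPI_Lua", 3, "Roblox script-exploit IPC"),
    (b"taskkill /f /im explorer.exe", 2, "kills explorer"),
    (b"FLiNGTrainer.com", 1, "trainer download site"),
]
THRESHOLD = 5  # assumption; the real threshold is not published


def _wide(s: bytes) -> bytes:
    """UTF-16LE form of an ASCII string, as .NET and Unicode Win32 binaries store it."""
    return s.decode("latin-1").encode("utf-16-le")


def scan(data: bytes) -> Dict[str, object]:
    """Score a byte blob against SIGNATURE; each string counts at most once."""
    hits = []
    score = 0
    for s, weight, tag in SIGNATURE:
        if s in data or _wide(s) in data:
            hits.append((s.decode("latin-1"), weight, tag))
            score += weight
    return {"score": score, "hits": hits, "match": score >= THRESHOLD}


def scan_file(path: str) -> Dict[str, object]:
    """Scan a file on disk (whole image, no section parsing)."""
    with open(path, "rb") as f:
        return scan(f.read())


# Constructed samples, not real binaries: a driver-like stub carrying the
# CodeView RSDS record a build embeds, a .NET-style injector with wide
# strings, a Roblox-exploit-like blob, and a benign DOS stub.
DRIVER_LIKE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 40
    + b"RSDS" + b"\x00" * 20
    + b"C:\\code\\GameHack\\RegDriver\\objfre\\i386\\Reg.pdb\x00"
    + b"KeServiceDescriptorTable\x00ntoskrnl.exe\x00"
)
INJECTOR_WIDE = b"MZ" + b"\x00" * 16 + _wide(b"DllInjector") + b"\x00\x00"
ROBLOX_LIKE = b"\\\\.\\pipe\\WeAreDevsPublicAPI_Lua\x00taskkill /f /im explorer.exe\x00"
BENIGN = b"MZ\x90\x00This program cannot be run in DOS mode.\r\n$"


if __name__ == "__main__":
    import sys

    if sys.argv[1:]:
        results = {p: scan_file(p) for p in sys.argv[1:]}
    else:
        results = {
            "driver": scan(DRIVER_LIKE),
            "injector": scan(INJECTOR_WIDE),
            "roblox": scan(ROBLOX_LIKE),
            "benign": scan(BENIGN),
        }
    for name, r in results.items():
        verdict = "GameHack-like" if r["match"] else "no match"
        print(f"{name}: score={r['score']} {verdict}")
        for s, w, tag in r["hits"]:
            print(f"    +{w} {tag}: {s}")
```

The injector sample shows why a single low-weight string is not enough on its own: `DllInjector` alone stays under the threshold, while the driver sample crosses it on the combination of the SSDT symbol and the build path. Running the script with file paths as arguments scans those files instead of the built-in samples.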
Sample SHA-256: 50b11d03d16c1d71072647d3a41dd4370ee356306984f467c274260f5ef13958

Remediation: Isolate the affected system. Run a full scan with up-to-date antivirus and confirm every component of PUA:Win32/GameHack is removed; because the family includes kernel drivers, review installed and loaded drivers and services as well as files, and check the persistence and launch mechanisms the shared sub-signatures point to (scheduled tasks, BITS jobs, rundll32/regsvr32/mshta launchers). With Microsoft Defender, make sure PUA protection is enabled, since PUA detections are governed by a separate setting from malware detection. Keep in mind that a PUA is usually installed deliberately: a repeat detection normally means the user reinstalled the tool, so reinforce endpoint policy (application control, and removing the local administrator rights needed to load a driver) alongside monitoring for reinfection.