Adware.Neoreklami.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 3,990 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 1,070 |
| First Seen: | September 22, 2018 |
| Last Seen: | April 13, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Adware.Neoreklami.A |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
63b21d6830af221c5d5a94aab23d9d64
SHA1:
cf02c6ab9f7721177f741f8ad45175b64e220026
File Size:
444.42 KB, 444416 bytes
|
|
MD5:
c5b347a4632d1d990aee8a5777ce2303
SHA1:
e51d79cc7db569e82350bc4bc8f143831f480877
SHA256:
A3DE33B128AC7E5F807AD06B8C32A84E2B8C428B4E1E8B8EDED8876E3F300FA5
File Size:
424.96 KB, 424960 bytes
|
|
MD5:
c3ffe5e4262b9286b967c328bdc74fdf
SHA1:
53e76506f398ff725d7e0dc9e7968d66c0b75f12
SHA256:
CB3CE9737B6775C8EF38FE0B8DB0B7335D513D914A6C749EB4C2A600B52ECCC0
File Size:
414.72 KB, 414720 bytes
|
|
MD5:
d988643d94baa609bc0dc41d997d0f43
SHA1:
2ebe5b07ad54c14d6a386cc893b053a2881255c7
SHA256:
ABB87EC39385F58183C251B0E209A01F1D03725DEDAFF8916CC58E37A85E8479
File Size:
429.57 KB, 429568 bytes
|
|
MD5:
9f6707064edf9a0b1cc8f7c5a43d182b
SHA1:
bbc91c4e319e3a6a25d440c9fdf49b0823217ce7
SHA256:
3F43BBFC7F9F820774A03CD9C014C2B178DC12E3DF0650AF3FEF2373A31F462B
File Size:
429.57 KB, 429568 bytes
|
Show More
|
MD5:
ce8528109d7438b2962a2fd335fb57dc
SHA1:
f1732c078d52a5c9a80d30f0cea9b3940174427e
SHA256:
6692F8E7820D11F521DFB79778C7FC4C264821F30FB102877B0B1DCCC3628098
File Size:
429.57 KB, 429568 bytes
|
|
MD5:
48b557d92e24700bb4205ca2ce99e7f1
SHA1:
f6c91daded1f45dc80245b9b98e9130a77d35df5
SHA256:
ED258851EF48A1FA150756F77D54B4E4D9501477F38E00BBB400BE30D9BF99F6
File Size:
409.60 KB, 409600 bytes
|
|
MD5:
1e23a8e5191cb251c57a5c5d0d5c4f5b
SHA1:
d6af68cc9c9198855e47d6bb2725742f364b939d
SHA256:
17D4B148467D611AEB782E018A031ED4D162F556503990CB257CC05E95AF270F
File Size:
409.60 KB, 409600 bytes
|
|
MD5:
9f377ce19bc599b8b3b0505375d152cd
SHA1:
138f1bfde6f7dc35a8bbc06b9663a1f634ad116c
SHA256:
37F0368A89A92BF8848BDE2A45185588B286E0E1B7C2E3B8477D7EB296D69701
File Size:
415.74 KB, 415744 bytes
|
|
MD5:
3088ddbe48a6aa0d3a69461595e92cc2
SHA1:
cf3dd0f68a607535058a1aefd8d6410a3fcac97c
SHA256:
5E2E50EA2E794D37777CF4CDA1197FE7FC56104D819143413AC801E028CD01DF
File Size:
409.60 KB, 409600 bytes
|
|
MD5:
3f812d723064f79bb422d3c7a48f83f4
SHA1:
93003e743537bf622428042675dc103407cf1e52
SHA256:
9CDCE622DBC5D54F8FA1D272BD9FE648C6A975015D12FAB4271195738C68341E
File Size:
415.74 KB, 415744 bytes
|
|
MD5:
ed8ab366b5d01ae003a6369e4f94bf49
SHA1:
b4c62134ed93960b5e604f6ca591c4180a933d01
SHA256:
4550553ECF0F88DF29296A757C10060AF8C5729DB230A9E11B426BB633D68E4F
File Size:
410.62 KB, 410624 bytes
|
|
MD5:
8d006f405a0ce9efc31e65679f16e653
SHA1:
73dc70345965e86b4150a25038ac10c2b6aaa9d5
SHA256:
B45F599F3F1DDC2DED9EDF3BE9BEAB84BA9D7667368FC03501F7177572AB8F00
File Size:
412.67 KB, 412672 bytes
|
|
MD5:
094f78291560d31f3a9d273220f77a8f
SHA1:
fe2befc3d68df83eb06b186ea7cdff54e5a2dde2
SHA256:
3419224CD7C003175C3C0906C525C80BD978C74F4EE2591339BA4B7CED931F54
File Size:
413.18 KB, 413184 bytes
|
|
MD5:
d1b06fb745309920d353521cb6ad975e
SHA1:
58ac0f732a0be92d005b3605cf7566c925ea42ab
SHA256:
6F4207B67F2B60DC088D779A27D8B23C8178DCF32BC9675B95D189A7838233C2
File Size:
412.67 KB, 412672 bytes
|
|
MD5:
ec72b25ad2d73e3109132079e691a933
SHA1:
6022543d36975b346b0f052f172088d37373eefa
SHA256:
F161BD6174BED10CFD042BE535D6D49406822268F8C0E67CF1B975C92800F878
File Size:
468.48 KB, 468480 bytes
|
|
MD5:
df3784fe1455cb6252ec23dcaf8b0348
SHA1:
bca3ce4377428f7aa0c93063a71998bdb56b40ea
SHA256:
2BF2ED8AA42B579448C6AB7E2585390889BA3A7E2495FD0D4453CEF982132390
File Size:
410.11 KB, 410112 bytes
|
|
MD5:
86f0c6dbae269f29f252b78a3816a851
SHA1:
6f2584d07649dc9828f81a623bd51824bf7b509b
SHA256:
F2C490D01E01BEDD016EEFF11C65F1CDBEC0E268EBE44E8977D41DA7E556AD68
File Size:
422.40 KB, 422400 bytes
|
|
MD5:
4ec902299798319eefa6da1e3f3eb8b5
SHA1:
c38f2ccc6f5f0ba38dd7cfe73bcaa9f13528a776
SHA256:
FFB800FB350BF347E9A69C46A87C3B9E0C8A12804E79D10DDC0FFB3A3AC48186
File Size:
422.40 KB, 422400 bytes
|
|
MD5:
597d43704d6639a86cc856c54231653f
SHA1:
4421495c07c8af07540c07bdbbc6b80d29889015
SHA256:
390A54E3A2F5F150A27B4116F6E2E04ADA7274C1BAD2292451B3EADDD658BBBE
File Size:
427.01 KB, 427008 bytes
|
|
MD5:
1bee390b12c956574d9a95738513434d
SHA1:
cd30ae714cb606ccca7e5697cea1b3e9693b3c2a
SHA256:
2D81731FBFE084AB290BB31871BEEA3D342E47D4A27BC1B7F924C9F48C0B9842
File Size:
413.18 KB, 413184 bytes
|
|
MD5:
0c22f0d91a709543f2a6972148c9b043
SHA1:
69dcadae358427b1331d9402938d525bdc7ae55b
SHA256:
C899E4CB0A2C03A9AA266A71216F0552219F4B4FEE7B083BF92F435315971E22
File Size:
426.50 KB, 426496 bytes
|
|
MD5:
c54bc3adfa1d802cdd0f396afe4419cd
SHA1:
bfcbcd57368cac287fa6bf8baa6f580ee16a1629
SHA256:
C23C79D47668422F43A0DE3B157882647B02106BFC568509F32B91B288A4F56E
File Size:
409.09 KB, 409088 bytes
|
|
MD5:
833eefa4675f00784a148e681f4fc6c6
SHA1:
e1d5745cdad6004a2914105c55dbf44f46d34786
SHA256:
B997FE02F39D5C9A237190A4C7388EB79CBCFD3B494CC45E103D6E145859FBD4
File Size:
409.09 KB, 409088 bytes
|
|
MD5:
e3a5370e528e5480146adf37785db06c
SHA1:
ede0da31e72b83d0dac9a920bd2644dcb852037f
SHA256:
2FC1745231651CB156E7DC8912688350A07E4DC74770467BA318A336B4A0C7B2
File Size:
415.23 KB, 415232 bytes
|
|
MD5:
f4fcb12429ae24a0a4f9a191d6177ffe
SHA1:
45c21cee0975f0fc48d2f34bc0fd1ff628dae4a9
SHA256:
1888A5CA8B2428FAD4DA2DFE578B953E67F911547C0CE72AFF74709476376A0A
File Size:
398.85 KB, 398848 bytes
|
|
MD5:
91d7030231d0591d62d55181e97dc507
SHA1:
b054e170e43295b6ff4e653e0b800f3796305825
SHA256:
05D4CE65486BFC1496F6961F08D24EC71FC3FC7FD9CA578C14E3EECEC994A8D6
File Size:
409.09 KB, 409088 bytes
|
|
MD5:
2b87a9026030bff01da82eb21ccd30d5
SHA1:
43eea2e2ec431c8e4a60a76cb085259f629c2d11
SHA256:
46A8AE18BBD76C1EC2298AB524497884515F1EB30D3D9E215B59C5E7436F52FF
File Size:
426.50 KB, 426496 bytes
|
|
MD5:
61d7da7794bea9e6d0371d57f01884fe
SHA1:
d793e366d43b48035834c2b7fcea1438b26d43a5
SHA256:
41CE0A0DA6AD24486DC3CFABBD7D128AD5CAC6E9FDD4A9A3FBAC129FEA6B0E87
File Size:
413.70 KB, 413696 bytes
|
|
MD5:
9048b013d21377b21591822d2406c2bd
SHA1:
53251906855c78de2c7c3ee7df0a217c4620013a
SHA256:
1863228CF92E4421DB6FAEEA65A230DD40343BFD7A2A53EE36E5D56AA709AD1B
File Size:
413.70 KB, 413696 bytes
|
|
MD5:
b7b9038c221d8b22e983d6dd9f90129f
SHA1:
aa0363458457f22fce80a0916ac28e1e3c04c208
SHA256:
A1FA3963ED71B847A6E28E4DD44AED3A940D4502922AD199C7C73C338031852E
File Size:
403.97 KB, 403968 bytes
|
|
MD5:
0dfd6453d42c15b05b72b648c4ecc117
SHA1:
0a4429979e8110bc6684903f544ea7e74aeb1d3f
SHA256:
3880CBD28F1E0AABBF077F3C2DD39CF747E86D1B3D5377CDF25D92DC52F8B07F
File Size:
498.69 KB, 498688 bytes
|
|
MD5:
977a339242990138ba46775cf4ecb9fc
SHA1:
a4c0ee3ac2f372a8d818054be084454892b4ca7c
SHA256:
102039A9D73A035ABDE3AE2F8C3E2965CA11D8AC6C15B844BB477C19E9C79D4A
File Size:
425.98 KB, 425984 bytes
|
|
MD5:
36175da8c1e8e5c6be8c1d0d735492ac
SHA1:
0be6e751d453f459545f8d8ec3abc35fc127bf0b
SHA256:
40958DD0776B89AB6E778B22A494969CCA4F4D4057FEC1333755D4897F0264D5
File Size:
419.33 KB, 419328 bytes
|
|
MD5:
168331b7d32bd86303e97f41c471780d
SHA1:
057c8b4cd071232816d4ea44a5a9049de0cdf72a
SHA256:
CBF9402D78DA5A964A508C9D6A2434C4554571AB4D8DF66D778EB34C85651FEF
File Size:
419.33 KB, 419328 bytes
|
|
MD5:
6428a5d4e21e59b8a3eacee7057b2c76
SHA1:
f8ca56eb7f9ee86e48415165ace5889914ae677c
SHA256:
7F3472CDB4072F8B1A8AA30BA5CFC5EEEDF23C2B5E06B0E4069F8477CD9F25DD
File Size:
418.30 KB, 418304 bytes
|
|
MD5:
075ff6cfa0450a0e6967ad5021c74aa1
SHA1:
1c9f74a3622189599df6ae67524eea353be06104
SHA256:
3B4B2865DEA3257A64971089C22A991BCE3999E384878967ED80AB0FA428B99C
File Size:
410.62 KB, 410624 bytes
|
|
MD5:
812db137306f4b0d6892f2646f45d745
SHA1:
503d2c6ef9687e257facc18ec550335c5615c52c
SHA256:
D023D82F3F682B8901E88EBD9715F7729FA9FA0AEFF5C88D064EB479186DC398
File Size:
422.40 KB, 422400 bytes
|
|
MD5:
b6f69cdfffe1f7c6b5503638ebaf02b4
SHA1:
3635693563c05043824b5532db787516d5776160
SHA256:
4B43DB3A5504469942A1815A9D1397ADC0395A10CA602FD2DF45E826B161F5B4
File Size:
441.34 KB, 441344 bytes
|
|
MD5:
07b77465899961d8348c22ed5bb4d0f7
SHA1:
04c9a7c06ac992ee3c4478e0d9e7427ca145dc0e
SHA256:
BB722397988B028A816ECF48CE9083157ABA228846764C3A786F526EBE1CB6A9
File Size:
429.06 KB, 429056 bytes
|
|
MD5:
b601a68423d0ddda441d66676de7144e
SHA1:
8a59420fa2dbd34e9a18c736331959a5eb974041
SHA256:
3CCC22FD2CED71504A6329209867E1F40473BE9E388F88315A32E73D96291857
File Size:
399.87 KB, 399872 bytes
|
|
MD5:
d3f7477a93c2f22184581a397656cfc4
SHA1:
4b673e9c90e9e8ef23cc0de38ce4fc8a03d76065
SHA256:
3E77C079C199073E55B5965C8690A4B633C724D98FD106E4D080C857507B1A4C
File Size:
401.41 KB, 401408 bytes
|
|
MD5:
5fff2fe0ec346d310ed71245e419fdae
SHA1:
6f71d2cd13ecdf98b2246b1ac7995078394d7604
SHA256:
FFB94DFBA0220DD79EFD28BF63B2FCC21DC89EBEFDA896A812EA96D74F2722DE
File Size:
408.06 KB, 408064 bytes
|
|
MD5:
28c5906cbf39197f30835520c7b4fc8f
SHA1:
3b6d69530f8ae625c99c7634dde7d2c34feab35e
SHA256:
9CD242041E94C0EE38040EADE6E954E16D65F1F753F1BF10D75DC24AACDD8ADA
File Size:
417.79 KB, 417792 bytes
|
|
MD5:
24b0dee2b0d3263ae8fadee1a2c63919
SHA1:
478217907a49798f9164a6e246fa154a969cd28d
SHA256:
C57A013DA9D0D053F6BF3300AEA82B77A5E15046246A34CB7E5DECDACDA5CB24
File Size:
413.18 KB, 413184 bytes
|
|
MD5:
ba1cdc3aa0b654fede0564efbe9aad59
SHA1:
a5ed92240679eca992683d6e854f0a74d49bbae7
SHA256:
37B8B97A23C0BCFF14D9D0A6F80F161DE9DC08DD6EEA399F755D78161A9EA5E0
File Size:
414.72 KB, 414720 bytes
|
|
MD5:
7b09c693a21ff09888f4a9576ed87b21
SHA1:
a67699a95c3c6bfe318eda99c2621fbf7d5aed32
SHA256:
29055496D8B292819104FDA449565AD470F6AA67CB9ECA9558AD96D9C91C28CC
File Size:
403.46 KB, 403456 bytes
|
|
MD5:
e2f392221655de122322d1c61a26243c
SHA1:
41b88fbd081c024ef467d902782051ab8594803e
SHA256:
1BB8D1252043DFCC5FA1CD5DCD9AACCDDA1FBBBE472DE5988F11ACDD10F565B8
File Size:
403.46 KB, 403456 bytes
|
|
MD5:
8a6768376231640fc736221682016859
SHA1:
673601049924aef5bdef45552a47a4ecba5a611b
SHA256:
C355518F2F7F09E3828E3B9E51EAE8FFF90EA9D08A6EC000C3CC8F49C77AA42B
File Size:
403.97 KB, 403968 bytes
|
|
MD5:
feffa4d44e666ee86044876c8df62137
SHA1:
9613c5b73c041d1b2b700b7c12fc9e0b6ff6c0ba
SHA256:
9B907E12A04CC263DAF415C379338F0704F82E0984DCC3F9CDF8C4D986D5A27E
File Size:
403.46 KB, 403456 bytes
|
|
MD5:
1212931960e55cd6503211d3e36674e3
SHA1:
55403bc0d5a6124b7d707cb45c108025385ad745
SHA256:
0AE1B1F51349F615B88EE7771ADCED65A8306E860F7D5F3B5B4E78336331A346
File Size:
421.38 KB, 421376 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- HighEntropy
- VirtualQueryEx
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 1,630 |
|---|---|
| Potentially Malicious Blocks: | 102 |
| Whitelisted Blocks: | 694 |
| Unknown Blocks: | 834 |
Visual Map
0
0
0
1
0
0
0
0
0
0
0
0
?
?
?
?
?
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
x
0
0
0
0
0
x
0
x
x
0
x
0
0
0
0
0
0
0
x
0
0
x
0
0
0
0
0
x
x
0
0
0
x
x
?
0
?
?
?
?
?
?
0
0
?
?
?
?
?
?
0
?
0
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
0
?
?
?
?
x
?
x
?
?
?
?
0
?
?
?
?
?
?
?
?
?
x
0
0
0
0
0
0
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
0
?
?
?
?
?
?
0
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
0
?
?
0
?
x
?
0
?
?
?
0
0
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
0
?
?
?
?
?
?
?
1
?
?
?
?
0
?
?
0
?
?
?
0
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
0
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
?
?
?
?
?
?
?
?
?
?
?
0
0
0
0
0
0
0
x
x
0
0
0
x
0
?
?
?
0
0
0
0
0
0
?
0
0
0
?
?
0
x
0
?
0
?
?
?
?
0
?
x
0
?
0
?
0
0
?
?
?
?
?
?
0
x
?
?
0
0
0
0
0
?
0
?
0
?
x
x
0
?
?
0
?
0
?
0
?
x
?
?
?
x
0
0
0
?
?
x
?
0
0
0
0
?
0
?
0
0
x
?
?
0
0
0
x
?
?
0
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
x
?
?
?
?
0
?
?
?
?
?
0
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
x
?
?
?
?
0
?
?
0
0
0
0
x
x
?
0
0
x
?
x
0
0
0
?
x
x
?
0
x
0
0
0
0
?
?
?
0
x
0
x
?
?
x
x
x
x
x
x
x
x
x
?
?
x
?
?
x
?
0
x
x
?
?
?
?
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
0
?
?
?
?
x
?
?
?
0
0
?
?
?
0
x
x
x
?
?
?
?
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
x
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
x
x
0
0
0
0
x
?
?
0
?
0
?
0
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
0
x
?
?
?
?
?
?
?
0
0
?
?
?
?
x
?
?
?
?
?
?
?
0
?
0
?
?
?
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
0
?
0
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
0
?
?
?
0
0
?
?
?
?
?
0
?
?
?
0
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
0
0
0
0
0
0
0
0
x
x
0
0
x
0
0
0
0
0
0
0
0
0
x
0
0
0
0
?
?
?
0
?
x
x
?
x
?
?
x
x
?
0
0
0
x
0
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
x
0
0
0
0
x
x
0
x
0
0
0
?
?
x
0
x
0
x
x
x
x
0
?
?
0
?
?
?
x
0
0
0
?
?
?
?
?
?
?
0
?
?
?
?
?
?
0
x
?
0
?
x
?
0
?
0
?
?
0
?
0
0
0
x
0
0
0
x
?
?
?
x
0
0
?
0
0
0
?
x
0
?
?
?
x
0
?
?
?
x
0
?
?
?
?
?
x
0
0
0
0
0
0
0
0
0
x
x
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
1
0
0
0
0
0
0
0
1
0
1
0
1
0
0
0
0
0
0
0
0
0
0
0
0
2
0
1
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
1
0
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
2
3
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
2
2
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Process Shell Execute |
|
| Anti Debug |
|
| Process Manipulation Evasion |
|
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cf02c6ab9f7721177f741f8ad45175b64e220026_0000444416.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e51d79cc7db569e82350bc4bc8f143831f480877_0000424960.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\53e76506f398ff725d7e0dc9e7968d66c0b75f12_0000414720.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2ebe5b07ad54c14d6a386cc893b053a2881255c7_0000429568.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bbc91c4e319e3a6a25d440c9fdf49b0823217ce7_0000429568.,LiQMAxHB
|
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f1732c078d52a5c9a80d30f0cea9b3940174427e_0000429568.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f6c91daded1f45dc80245b9b98e9130a77d35df5_0000409600.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d6af68cc9c9198855e47d6bb2725742f364b939d_0000409600.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\138f1bfde6f7dc35a8bbc06b9663a1f634ad116c_0000415744.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cf3dd0f68a607535058a1aefd8d6410a3fcac97c_0000409600.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\93003e743537bf622428042675dc103407cf1e52_0000415744.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b4c62134ed93960b5e604f6ca591c4180a933d01_0000410624.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\73dc70345965e86b4150a25038ac10c2b6aaa9d5_0000412672.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fe2befc3d68df83eb06b186ea7cdff54e5a2dde2_0000413184.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\58ac0f732a0be92d005b3605cf7566c925ea42ab_0000412672.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6022543d36975b346b0f052f172088d37373eefa_0000468480.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bca3ce4377428f7aa0c93063a71998bdb56b40ea_0000410112.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6f2584d07649dc9828f81a623bd51824bf7b509b_0000422400.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c38f2ccc6f5f0ba38dd7cfe73bcaa9f13528a776_0000422400.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4421495c07c8af07540c07bdbbc6b80d29889015_0000427008.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cd30ae714cb606ccca7e5697cea1b3e9693b3c2a_0000413184.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\69dcadae358427b1331d9402938d525bdc7ae55b_0000426496.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bfcbcd57368cac287fa6bf8baa6f580ee16a1629_0000409088.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e1d5745cdad6004a2914105c55dbf44f46d34786_0000409088.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ede0da31e72b83d0dac9a920bd2644dcb852037f_0000415232.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\45c21cee0975f0fc48d2f34bc0fd1ff628dae4a9_0000398848.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b054e170e43295b6ff4e653e0b800f3796305825_0000409088.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\43eea2e2ec431c8e4a60a76cb085259f629c2d11_0000426496.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d793e366d43b48035834c2b7fcea1438b26d43a5_0000413696.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\53251906855c78de2c7c3ee7df0a217c4620013a_0000413696.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aa0363458457f22fce80a0916ac28e1e3c04c208_0000403968.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0a4429979e8110bc6684903f544ea7e74aeb1d3f_0000498688.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a4c0ee3ac2f372a8d818054be084454892b4ca7c_0000425984.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0be6e751d453f459545f8d8ec3abc35fc127bf0b_0000419328.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\057c8b4cd071232816d4ea44a5a9049de0cdf72a_0000419328.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f8ca56eb7f9ee86e48415165ace5889914ae677c_0000418304.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1c9f74a3622189599df6ae67524eea353be06104_0000410624.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\503d2c6ef9687e257facc18ec550335c5615c52c_0000422400.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3635693563c05043824b5532db787516d5776160_0000441344.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\04c9a7c06ac992ee3c4478e0d9e7427ca145dc0e_0000429056.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8a59420fa2dbd34e9a18c736331959a5eb974041_0000399872.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4b673e9c90e9e8ef23cc0de38ce4fc8a03d76065_0000401408.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6f71d2cd13ecdf98b2246b1ac7995078394d7604_0000408064.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3b6d69530f8ae625c99c7634dde7d2c34feab35e_0000417792.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\478217907a49798f9164a6e246fa154a969cd28d_0000413184.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a5ed92240679eca992683d6e854f0a74d49bbae7_0000414720.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a67699a95c3c6bfe318eda99c2621fbf7d5aed32_0000403456.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\41b88fbd081c024ef467d902782051ab8594803e_0000403456.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\673601049924aef5bdef45552a47a4ecba5a611b_0000403968.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9613c5b73c041d1b2b700b7c12fc9e0b6ff6c0ba_0000403456.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\55403bc0d5a6124b7d707cb45c108025385ad745_0000421376.,LiQMAxHB
|
