Backdoor.Quasar.LD

By CagedTech in Backdoors

Table of Contents

Analysis Report

General information

Family Name:	Backdoor.Quasar.LD
Signature status:	Hash Mismatch

Known Samples

MD5: bdecfe4ca55300294700885c324bde91

SHA1: a2f7c003d3a4913b49ceb85a5767ef0959bafd0f

SHA256: 7610FE95DF2A433E8D52377E8301642DACB2E66B19D695F568A6B745D68FD3C5

File Size: 2.97 MB, 2971784 bytes

MD5: ff984175d23d413215d279d8ccde1894

SHA1: 924d4120972019d8c1a069cdb4a0080e0549aa0e

SHA256: 89D405D33BD1227D081C1CF7EB4D643289031F94E78CEF32209978CD683A09F6

File Size: 3.95 MB, 3947920 bytes

MD5: 3d6f0b4376012edf566fc0a48e6bdd81

SHA1: 0364b3f3262fadd9a7794a2204d4359b01f01d2e

SHA256: 0B00AAC0AD26A93DA08C1287ED349BCCE15580A5A28D10A63659A9185894DAC0

File Size: 2.49 MB, 2492304 bytes

MD5: 1d17b4c13630628796497ddd8e16fd61

SHA1: 81cfe004c8654319c21365613240818d35c6ef2b

SHA256: 9069065652568E6ED7E146F41C3D0ED915DE052687D5AA3283D330EF0D0B04EF

File Size: 2.98 MB, 2976392 bytes

MD5: 259a9674aad109a99ec691d8b2ad8ec1

SHA1: ebd2913ced912107f1f1ef76e75fa897c0648773

SHA256: 0D906266FDD5892221BB52FE5BF6E2793100C6E327F7073172080C5EA386E036

File Size: 2.75 MB, 2745992 bytes

MD5: ff16d278706c6e0ef3ba1c1a3a61fbd8

SHA1: 2ddc94be0034cadf884cd82cb9555966fa47f90b

SHA256: D378EAFD2F24AF93BFD44936867AA85D2B78434B7FD04960F7ED696F337B4389

File Size: 2.95 MB, 2954712 bytes

MD5: c4d8f6d07c8e77b315ddab56c84f753d

SHA1: 0c0c48878e1fc1cb13df7243934ff18523ed1ab2

SHA256: C8B3FDAD42090D6F0B2407C001B548A4136DB38946CCF65F4BE8E7B86C991C9D

File Size: 3.12 MB, 3120952 bytes

MD5: c6a3bec43513b98a8a481224d9b9b8ad

SHA1: f8a1815751e32582fb4dbc35572396edf61d78f1

SHA256: 73A901FCF21E2EC583D6AA63936E84DE38E0A606B96272CE8D2AEAEF7E370E3B

File Size: 5.37 MB, 5373000 bytes

MD5: 625b58b8c97b7f64b6f4ea24509dcd68

SHA1: f516fa76f156c81b15449e7406af8a3829c11a78

SHA256: 4FF3549C291BE1765C64C32353829C8B5EEB4F81D423200083C5BEE4F1B8ADAA

File Size: 4.43 MB, 4434504 bytes

MD5: 030c306ac5813970310b00eb9cff4628

SHA1: 6fdaebbb8647967fb0c377ab82c2542a016c1acc

SHA256: B9EAEB2C3E8E10C22A7557D49593D7B3C091CFBF728FE49E5CE91B2EA4DB65C3

File Size: 3.19 MB, 3191768 bytes

MD5: 2bcb879bb5c975e1af3df4a09c8a24cc

SHA1: f0411ce52cbe2f00388b5eeaee99b11ca8030b1a

SHA256: 8FA45CEB34EF11C62297FC5EC705478FF887CA51610CDE9DDBB81BB78E01E196

File Size: 3.18 MB, 3178639 bytes

MD5: 12c366c0719a878dd070c201518ba733

SHA1: c1c96ca62ad5cfda19f8a07c13986a8e98c0480f

SHA256: ECC31FB4371A842CAAD6CF1FCA700AF6F3C6A3FD72A56258A7FD5F46DA114519

File Size: 3.29 MB, 3290076 bytes

MD5: 5d4652b36c753d15e56864b3cbfac44e

SHA1: f5b24b32197fea0ba35c0dbd9614588efcab2e2c

SHA256: C1DF50057F1FE1F2FF28CE703C483A807FC5ED392EA3988B90D5667A19F7E590

File Size: 3.09 MB, 3085312 bytes

MD5: f49a7acfeb1137582b3c3f495362256e

SHA1: c9ea7faec79c7444153b4a0f42332060b243bdce

SHA256: AB53DC79039B72D25D27BFAA2C35A6C9BA3E70DC078CD412F72196F1E1F28ACF

File Size: 2.09 MB, 2089984 bytes

MD5: 79250bc54860fbd33dd96225ff9bd729

SHA1: 27a2b0e585d353dac5d594b6845f5a03c32c6d4a

SHA256: 894D83B3F010D6315908C0E29A119154C4863074D2DDB556885E479F7C798ED7

File Size: 1.96 MB, 1956352 bytes

MD5: f46b4d28a1a79488efc25a22c88a5dfd

SHA1: fc86a5c46a04fe8c954297bc1190ae87fcc5066c

SHA256: 0F636529FD8A084DB27856DF7E7220A9AE6AFECFFD268726EC61E94080510A89

File Size: 9.54 MB, 9542320 bytes

MD5: 65627dc3ad46446dd1d3fbb53c2887ef

SHA1: e8a1fa60481e104a407cd564131cbfedb3c7162e

SHA256: 8833CE2C783DAA6444361A57DF33EAA9B72A3DDDBC5CA2D8A6299153C4DC0E2E

File Size: 3.18 MB, 3181368 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	Build version: 1.0.0.0215, Environment: usa This installation was built with Inno Setup.
Company Name	BandLab Singapore Pte Ltd. Cockos Incorporated D5 Inc. LagoFast LLC Mozilla PageBites, Inc Tencent
File Description	Cakewalk Product Center Setup D5 Launcher Installer ImoSetup LagoFast REAPER Tencent Game Downloader Thunderbird
File Version	18.05 7.49 2.1.4.393 1.4.15 1.0.0.096 1.0.0.0215 1, 0, 0, 1
Internal Name	7zS.sfx D5 Launcher install.exe REAPER setup TGBDownloader.exe
Legal Copyright	(C) LagoFast LLC Copyright (c) PageBites, Inc. All rights reserved. Copyright 2025 D5 Inc. All rights reserved. Copyright ? 2020 Tencent. All Rights Reserved. Copyright © 2023 BandLab Singapore Pte Ltd. Copyright ï¿½ 2005-2025 Mozilla
Legal Trademarks	REAPER is a registered trademark of Cockos Incorporated
Original Filename	7zS.sfx.exe D5Launcher.exe ImoSetup.exe install.exe reaper.exe TGBDownloader.exe
Product Name	Cakewalk Product Center D5 Launcher ImoSetup LagoFast REAPER Tencent Game Downloader Thunderbird
Product Version	18.05 7.49 2.1.4.393 1.4.15 1.0.0.096 1.0.0.0215 1, 0, 0, 1

Digital Signatures

Signer	Root	Status
Tencent Technology(Shenzhen) Company Limited	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
JUNYUN LIMITED	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
BandLab Singapore Pte. Ltd.	DigiCert Trusted Root G4	Hash Mismatch
Mozilla Corporation	DigiCert Trusted Root G4	Hash Mismatch

D5 Inc.	GlobalSign Code Signing Root R45	Hash Mismatch
Pagebites, Inc.	SSL.com Code Signing Intermediate CA RSA R1	Hash Mismatch
Cockos Incorporated	SSL.com EV Code Signing Intermediate CA RSA R3	Hash Mismatch
glitch.com	glitch.com	Self Signed

File Traits

big overlay
dll
golang
HighEntropy
InnoSetup Installer
Installer Version
No Version Info
x64

Block Information

Total Blocks:	6,156
Potentially Malicious Blocks:	999
Whitelisted Blocks:	5,144
Unknown Blocks:	13

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.FRFC
Agent.IDA
Agent.JFH
Agent.KFSK
Agent.KTSC

Agent.LPX
Agent.TKJ
Agent.TRFE
ClipBanker.KF
ClipBanker.RRA
Downloader.KFB
Downloader.KFC
Dropper.FF
Filecoder.GFD
Filecoder.IK
Filecoder.JKB
Filecoder.PFA
Filecoder.YA
Gamehack.OFA
Goshell.E
Kryptik.FSK
Kryptik.GFSC
Kryptik.GSH
Kryptik.IOB
Kryptik.KFT
Kryptik.MDA
Kryptik.UFE
Marte.ABC
Quasar.BC
Quasar.BCA
Quasar.LD
Quasar.LE
Quasar.RA
Quasar.S
Quasar.SA
Reconyc.FH
Reconyc.FI
ShellcodeRunner.AY
ShellcodeRunner.AYA
ShellcodeRunner.Gen.C
ShellcodeRunner.TF
ShellcodeRunner.TO
ShellcodeRunner.TV
Shlem.C
SmokeLoader.C
SmokeLoader.D
Trojan.ShellcodeRunner.Gen.DP
Trojan.ShellcodeRunner.Gen.FC
Trojan.ShellcodeRunner.Gen.GV
Vidar.PA
Vidar.PB

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClose ntdll.dll!NtConnectPort Show More ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRemoveIoCompletionEx ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetIoCompletion ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory ntdll.dll!NtYieldExecution UNKNOWN win32u.dll!NtUserCallOneParam win32u.dll!NtUserDestroyWindow win32u.dll!NtUserFindExistingCursorIcon win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetMessage win32u.dll!NtUserGetProp win32u.dll!NtUserGetThreadState win32u.dll!NtUserPostMessage win32u.dll!NtUserQueryWindow win32u.dll!NtUserRemoveProp win32u.dll!NtUserSetWindowLongPtr
Process Manipulation Evasion	NtUnmapViewOfSection VirtualAllocEx
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpReceiveResponse WinHttpSendRequest
Network Wininet	InternetOpen
Process Shell Execute	CreateProcess

Shell Command Execution


							C:\\Windows\\SysWOW64\\explorer.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Backdoor.Quasar.LD

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Kryptik.JUD

Trojan.Agent.MBD

PUP.Baidu.A

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen