Multi-License Discount Quote

Change Region

English
Threat Database Malware Hacktool.Deeflud

Hacktool.Deeflud

By Sumo3000 in Malware

Threat Scorecard

Popularity Rank: 986
Threat Level: 10 % (Normal)
Infected Computers: 13,511
First Seen: January 18, 2012
Last Seen: April 13, 2026
OS(es) Affected: Windows

Hacktool.Deeflud is a harmful application that can be used to perform denial of service attacks from the corrupted computer by flooding the target with TCP and UDP network traffic. Once Hacktool.Deeflud is run, it may drop corrupt system files. Hacktool.Deeflud can make your PC to freeze up or stop responding frequently. Hacktool.Deeflud can change your browser or account settings without your consent although you have changed them back for a few times. Hacktool.Deeflud can also take you to unwanted web pages and change your web search results. It is highly recommended to remove Hacktool.Deeflud as soon as possible.

File System Details

Hacktool.Deeflud may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. Gautam's_Qualcomm_Tool.exe 06c949a459b9a5b67ab86ebfae831ee2 143
2. IMEI QCN Tool.exe a658d0b81eadeee376bad51884e9ad66 24
3. %CurrentFolder%\indez.aspx

Analysis Report

General information

Family Name: PUP.Hacktool.IMEI
Packers: UPX
Signature status: No Signature

Known Samples

MD5: b4e1ab0fcce57d71615566a4a50f375e
SHA1: e03510679c29bfef0d2a351026ff8a4d992d1ab5
File Size: 391.20 KB, 391197 bytes
MD5: 3210027474692fdd18f40578aeb0fef1
SHA1: 5b684b7217a539345daaa8ed6446006cff224f30
File Size: 3.27 MB, 3266621 bytes
MD5: d3713ac77947183305e50e058df75904
SHA1: c0c716d4aa5067cc0728313c64cbdb3444506439
File Size: 1.36 MB, 1355731 bytes
MD5: 72c92288ef5bce0429b4a3af7c4e2714
SHA1: 9aa02905b23a10f1a6c7303d3a365f076be3b46c
SHA256: 2975AB2470C30C107B06EB4C41794FD020E385AD8CDC647323753FA74891F493
File Size: 3.59 MB, 3586903 bytes
MD5: 3dcfe1a2b09329a07c7fc2abaf080037
SHA1: 4f1b1b665c6e3a3ef785e57001d9796862c4caa5
SHA256: 5D96BD7D2C6E06ECBC2401845AF25667A83E6ED59D015027B449DD01C5441C37
File Size: 476.01 KB, 476009 bytes
Show More
MD5: 50962e588c9802a2429221ec68def012
SHA1: 26fe7d4b4c5fb5f4cb7120203c18174cdfe9c553
SHA256: E680840DD6CE83FF106B2AE414FE707DAFAF06CACAAB1CF8F42C92589083C226
File Size: 1.08 MB, 1076224 bytes
MD5: 9521d12e86fb365d902a0096804898d6
SHA1: c9c4bed769d4b36cdfbc4a859cf53dd5597364cc
SHA256: 3A94805D3D6D23E9BED1AA26F072CEF4F1B5F1AA04AC045B5EFEA2B1976C88AD
File Size: 6.39 MB, 6391976 bytes
MD5: e49da1d4227051e041e4a4043026cf66
SHA1: 41ca17db1d476602c35d9531db636ce2467045b6
SHA256: 0D2087C0E5A43DFD4DC9B735A785C487F57C83AB83FB4D7AE04CE10796B1E40D
File Size: 6.39 MB, 6391890 bytes
MD5: 66f834daaf8404d72cdd01443b40a0d0
SHA1: c0030638566f79e9a5e92ebed52ce3f727de0047
SHA256: 6F3C6DFBB60FA5C7077627C7FD3506FD96A358A5E30A27BE7C92B35D3136777C
File Size: 275.46 KB, 275456 bytes
MD5: 873a8d648d5d4080fe74ff3d932613cf
SHA1: 2a18f1eafbad3afda828d782b205f7b0bea7325f
SHA256: 4F70ED7C82E772077BF3A7506AD63E0345CB436BABBCD3BCEE02397731FB4277
File Size: 2.47 MB, 2473483 bytes
MD5: b3a8c7d1a359e6b2bcb810490c33aef2
SHA1: fb0affff658519afc1ffb80c1a3d72680737272c
SHA256: 09A4DEC70AF3111A463F64975CB2699C11F10378D75CC4B101466EA307FA3874
File Size: 3.59 MB, 3586903 bytes
MD5: 7b9ab94b56fffd63aa77ba719575586c
SHA1: 82c6d2e24f702951ff117dd70edcdd79545c708c
SHA256: 51A47A32EDC074FEB67B5C6A9344E17F756808BB9C69FF41C2B119B7723BAF02
File Size: 744.92 KB, 744922 bytes
MD5: 81d2f39e05eb6b047c4243d35154ca96
SHA1: 5b1469540c009e54b9192a3b0cac35e679341006
SHA256: AB932338F597FD7E4EA02E8C78D92C6CF0D83ADF7160679856E5BCD93535558F
File Size: 3.31 MB, 3309735 bytes
MD5: fff51a627f33a9eb15ce604b20263d8f
SHA1: 4e990d17dfa4e55d0ad2207f9b000ae61b14c012
SHA256: 6B045B3BDE08667FB19D5B5821C7EAAA89D975D236FE3C185CF562773E6D4095
File Size: 155.93 KB, 155932 bytes
MD5: cf97985a6d1414f61374f70b536ff87d
SHA1: b1e4d59bbccf0a7c3b8d4d4e2592397a461a3edf
SHA256: 195D77415044E13E319794C32C9CBEE4EB474A172A12F0F78C2B0074CA562652
File Size: 3.88 MB, 3875557 bytes
MD5: a2302a4037012b1631c31c8221c9a851
SHA1: 1974a03463787cff16217a385eb7de32371fb34f
SHA256: 6A39ACD495BD50155AB38FE0E1AC4391FBDE2379F2F282325F07EF3ED8D939E2
File Size: 3.43 MB, 3434045 bytes
MD5: f8783e0d3ae10f1a3a37e3f4d5580094
SHA1: 8c6a8981708ca19df69d2f38e5cecb309b413a1c
SHA256: 68412279C70FB0CAFED20CAC9968635BF63BD02EF940056FD5FA300EB7C151AF
File Size: 3.88 MB, 3879753 bytes
MD5: 87088d65de1be9ea15ce4f6b64cd7560
SHA1: 4d2c0698ae723e4956c41cf28e586a64e8811e33
SHA256: A7F36125CF8886B0F3A70BBA82424D145CFBF0AFEDB7437102C91055AB90DEF5
File Size: 7.26 MB, 7261749 bytes
MD5: 6de0af1cea4ee4887ff1a2a954f4f620
SHA1: 6b8ac07e8b854a9596eef24d57d89d3bf97a22ba
SHA256: 555F12657EB534392427073AAA016A828D6B4647C97DCDD7C6BE1C64C69A153E
File Size: 245.81 KB, 245815 bytes
MD5: 826ed2e528585620a395e2601e0464f2
SHA1: f6b695ea636e8921cb150ec5ade999b5e6cb436f
SHA256: 2682FC506EC48128C9844DE2934C188FE9F39220DCD9C7E352DE75A48952232A
File Size: 6.40 MB, 6396729 bytes
MD5: 9d33c5ca56e9ca57092b385554a372de
SHA1: 144774b8e05e134e6a54fdd686cfc75622cf1075
SHA256: 1A6CDCB3C2E8B61DF88305373C1EF1DC21BD989587FC009C89315608FA6F00A2
File Size: 565.41 KB, 565406 bytes
MD5: 42ef49a8db36876e9896a9c2e86dad96
SHA1: ac66db0761910bfc2c2cdd6d4db277410ae0d894
SHA256: 4A36CF854177FA7E0BA03145EC99BCE3B2DA5D071A1BEECA8B166A7B2D0BE48C
File Size: 186.49 KB, 186491 bytes
MD5: bb31654a7bdc68801d28575e5e070707
SHA1: 831c7b4af4bf2560b25c134d4f31aacb8d5bed3b
SHA256: 30293C6E18C891D0C0AF502C48E434812C65FC0A9B72BD79B29F2874E8B45B2A
File Size: 5.08 MB, 5082882 bytes
MD5: a764662353db98bdec127a19f732ce6f
SHA1: 6b064f75d75bc952581d4a559438454829c8d020
SHA256: 3912BC9BB2A623B97FE8EB7EDE91485251997395CDA19ECEB78F2AA77F143DE7
File Size: 7.69 MB, 7689728 bytes
MD5: 02685b802e52ff598e96f15e78eb3600
SHA1: 04c95bbb01dfc24af6ac8fa62e4f35f3f674afae
SHA256: 053B495807C68F70724CCCE205ADED817A983B07916D1B523A27AA65FA812D8D
File Size: 565.47 KB, 565473 bytes
MD5: de1792d2d9e61ac1c3aa0107e806c3a0
SHA1: e397b308982c387407bf77fbcdfa0b4dd9dbbe75
SHA256: ED40E98B2406276023F309E1F4B4622969B9DAA8BF0DC59E09A4E147E2A34D2B
File Size: 54.89 KB, 54888 bytes
MD5: bf4360afaca1ae0684b8c7435e0655e7
SHA1: 48578aa36f0b06978649815f6bdccbe8e8b854ba
SHA256: 4A1A858AEF574F1C1C8ECAC93FACC98683E2CDBB7672465CC06E67474BC3E696
File Size: 7.83 MB, 7833666 bytes
MD5: cb91b0b01bce11ad957fb2a4fa9de7f1
SHA1: 4fc10dfe69c6c048d2af928dc6e3fc4ddec9eb5b
SHA256: 6A0A8CDAE29E483F9434B12391047C68B206BF941DAC48C8856D4B59396F48AD
File Size: 1.02 MB, 1016907 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Build
  • 2013/04/04
  • 2013/11/05
  • 2013/12/19
Comments
  • 1.5.5 build 25
  • File loader configuration tool
  • Gameplay tool configuration
  • SRSPRO Online Activator
  • This installation was built with Inno Setup.
Company Name
  • 123Unlock
  • SeharH Gsm Services
  • SMART GSM SOLUTION
  • 广州五芯级网络科技有限公司
Compile Date
  • 2013'年'4'月'4'日' 6:45:09
  • 2013'年'11'月'5'日' 19:57:54
  • 2013'年'12'月'19'日' 6:02:34
Compiled Script AutoIt v3 Script: 3, 3, 8, 1
Copyright Jenkey1002
File Description
  • A bootable USB
  • Adf.ly Bot 1.5.5
  • File loader configuration tool
  • Gameplay tool configuration
  • Setup/Uninstall
  • SRSPRO Online Activator
  • Wuxinji-Indonesia
  • 五芯级维修宝典
File Version
  • 51.1054.0.0
  • 51.1052.0.0
  • 3.3.2.0
  • 3, 3, 8, 1
  • 1.5.5.25
  • 1.00
  • 1.0.7.4
  • 1.0.7.2
  • 0.08
  • 0, 9, 0, 4
Internal Name
  • activate-pro
  • File loader config.exe
  • Gameplay config.exe
  • TJprojMain
  • Wuxinji-Indonesia
  • 五芯级
Legal Copyright
  • 123Unlock.nl GSM Service
  • Copyright (c) 2009 Aris (feraris20@hotmail.com)
  • Copyright (C) 2012 Jenkey1002.
  • Copyright (C) 2013 Jenkey1002.
  • Copyright (C) 2019
  • Copyright (C) 2023
  • Last1Left
Legal Trademarks 123Unlock.nl
Original Filename
  • ABUSB.exe
  • activate-pro.exe
  • File loader config.exe
  • Gameplay config.exe
  • TJprojMain.exe
  • Wuxinji-Indonesia
  • 五芯级
Product Name
  • A bootable USB
  • File loader config
  • FRPFILE ACTIVATOR
  • Hydra Tool
  • MH Unlocker Pro
  • Miracle Thunder
  • MiracleThunder PreActivated
  • PES2013 Gameplay tool
  • Project1
  • SRSPRO Online Activator
Show More
  • Wuxinji-Indonesia
  • 五芯级
Product Version
  • v2026.1.27.1
  • V1.0
  • 6.0.0
  • 5.8
  • 4.5
  • 3.40
  • 3.3.2.0
  • 3.0.3
  • 2.82
  • 1.00
Show More
  • 1.0.7.4
  • 1.0.7.2
  • 1.0.0
  • 0. 9. 0. 4
  • 0.08
Website http://last1left.tk

Digital Signatures

Signer Root Status
123 Unlock Starfield Root Certificate Authority - G2 Root Not Trusted

File Traits

  • .NET
  • 00 section
  • 2+ executable sections
  • Autoit
  • big overlay
  • Confuser
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
Show More
  • Installer Version
  • No Version Info
  • ntdll
  • packed
  • PEC2
  • PECompact v2.20
  • SIM
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 3,376
Potentially Malicious Blocks: 0
Whitelisted Blocks: 3,376
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 1 1 0 2 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 2 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autoit
  • BadJoke.FH
  • Banker.GT
  • Banker.LH
  • Banker.R
Show More
  • BestaFera.G
  • Delf.DA
  • DialupPass.A
  • Emotet.CDD
  • Injector.AK
  • Injector.XD
  • Lumma.AC
  • Lumma.Z
  • Lumma.ZA
  • Ousaban.V
  • Penguish.KB
  • Stealer.KF

Files Modified

File Attributes
c:\users\user\appdata\local\temp\temp.tmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\img_3325.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\__tmp_rar_sfx_access_check_9286140 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\mediatek universal tools.exe Generic Write,Read Attributes
c:\users\user\downloads\mediatek universal tools.exe Synchronize,Write Attributes
c:\users\user\downloads\mss32.dll.vbs Generic Write,Read Attributes
c:\users\user\downloads\mss32.dll.vbs Synchronize,Write Attributes
c:\users\user\downloads\scripts.ps1 Generic Write,Read Attributes
c:\users\user\downloads\scripts.ps1 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 閃僇Ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@c:\windows\system32\wshext.dll,-4511 Open &with Command Prompt RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname Microsoft ® Windows Based Script Host RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
Show More
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal

61 additional items are not displayed above.

Process Terminate
  • TerminateProcess
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Service Control
  • OpenSCManager

Shell Command Execution

C:\WINDOWS\system32\cmd.exe /c cd /d %temp%&&echo %cd%>temp.tmp
(NULL) c:\users\user\downloads\Mss32.dll.vbs

Trending

Most Viewed

Loading...