HEUR.Malware.Babel.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank:	6,699
Threat Level:	100 % (High)
Infected Computers:	898

First Seen:	January 7, 2013
Last Seen:	May 16, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	HEUR.Malware.Babel.Generic
Signature status:	No Signature

Known Samples

MD5: 9d15d1dd1eb4026147e596d2d2add828

SHA1: c42e447a7ab8b8433246944c883d9066b550697d

SHA256: E87D1C4BC47D418266CE86AFD606AE4B00C18E2685DCFD1C0EB16D6FD46A9C44

File Size: 755.32 KB, 755320 bytes

MD5: 5e764a9d36e2c0ecff19bd6bdb0674ae

SHA1: 6ac48fcf1839fbea8fd15ab770a2ae6bc48a60c8

SHA256: B132EC186C9586162D88BADADF5045233663B9A8619D6BAC806EE53BCB1A1A75

File Size: 206.34 KB, 206336 bytes

MD5: b0d4df290a1c1e14846c900f4777af06

SHA1: f274a3fcc6afd3fc11823ba1a3a119f4d55d2f43

SHA256: B6D23050A6B84588E8E66C1E7B8DD24F401EEFF5BF3FB03C4E9186AAB764542B

File Size: 857.72 KB, 857720 bytes

MD5: 0eeb22e7e098f65cccdd421a4563119b

SHA1: 392ec23237fabb36253cbb0481e6ad51d519d4ef

SHA256: 5055A10AF346F73597AC99B0DBC8865190405780D4A41D72BEF2D74858CCD3E4

File Size: 1.71 MB, 1710200 bytes

MD5: 02a067f11fcc1a5d9d876e77f95b5c2e

SHA1: 7ca30375522989679de44a4a2e91f2de1da101b8

SHA256: F416643BB2D4AC84555DECAE8AE3E6F4E34B26102CAC8CA297804CEF2A7200BD

File Size: 1.70 MB, 1700472 bytes

MD5: b0e77489bfea9b7ba333f0e928aca3c5

SHA1: 6c4b0f0b2e4cfc5a50417ca94867494189dfea5e

SHA256: E7BD38921FA708FF7BF269F2DC1C074DF777A99E9825247DD6EC87090C30BAB9

File Size: 857.72 KB, 857720 bytes

MD5: 9ea4c4b34dc8e74ccd95fb9777254ae9

SHA1: 47d224ef9e4dbb0439622aa46a1ede4da6c32e25

SHA256: 11B7B13AAA9F8CC973C96C579A6CE5752F88427CCAC06CE20F290FB1CA49097C

File Size: 857.72 KB, 857720 bytes

MD5: 33194fc6d8f73dd73874e37f1cdf383a

SHA1: 53c03668f75023398e31eb11988ebd2eeeb57561

SHA256: 0272215D11E7EA443E6BEBF33D08BF3CCAEDCF57EE3E2AF4CB9E264A832D651D

File Size: 282.74 KB, 282744 bytes

MD5: a3688637b5a2cab4d050a34925190c3b

SHA1: bd044ea1cb5738411e33be73a4b31017aae79188

SHA256: 05C73A3C165D7E12E2C0B1CB3883B5370271E2C77F90E04EE15E92B110CD3865

File Size: 2.17 MB, 2172778 bytes

MD5: 19accaf9313055de3d04905f9fd9eeef

SHA1: 163b34ee1ec5a445748ca845b8396742ff4df419

SHA256: 230DD4558A1E576582D3C552A21C2B5DEC6793EA99EB9AA36E33BC4ED872DBE9

File Size: 858.74 KB, 858744 bytes

MD5: 5704f5d6afef2049b39011ff154f60aa

SHA1: 9fc9c5911731f04a2ddbcb98adef0292bfd91d31

SHA256: 0B283E67F6EA1CE588C880DAA24CFFF6117852C4D89D5C7FE18636ACFA6BF674

File Size: 6.29 MB, 6293824 bytes

MD5: 7a6d51c13f9f00b01fe4bf41a67696d2

SHA1: 7598b992516ba2efd55bd8c3a7bcc51624de1f7c

SHA256: F921AF6824A35C6C2DAE998001024FB6877D94453C23CE5D521B954417346C56

File Size: 2.66 MB, 2663272 bytes

MD5: dd06410fa94bb410cb87caa2d27b589a

SHA1: 57650c58c18e2df7e7c4e5c296f9344b44feea87

SHA256: 9AA2CFC3A2E39EF3C14CBC4A21297059F7DF80D418540B86152FBDE15338E056

File Size: 3.77 MB, 3772416 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	19.1.25349.2 7.2.50701.0 4.0.2024.7021 2.2.8.0 2.2.6.0 2.2.3.2 2.2.2.0 2.2.1.0 2.2.0.3 2.2.0.0 Show More 2.0.4.2
Comments	Cad library License Wizard for .NET4
Company Name	Diagnostics Gaea.Server QuadSpinner Royal Apps GmbH Soraco Technologies Inc. Valve Corporation Wout Ware
File Description	CadLib Diagnostics Gaea.Engine Gaea.Nodes Gaea.Server License Wizard RoyalServer.ManagementEndpoint.Module.HyperV Steam Client Service
File Version	19.1.25349.2 08.63.11.84 7.2.50701 4.0.2024.7021 2.2.8.0 2.2.6.0 2.2.3.2 2.2.2.0 2.2.1.0 2.2.0.3 Show More 2.2.0.0 2.0.4.2
Internal Name	Diagnostics.dll Gaea.Engine.dll Gaea.Nodes.dll Gaea.Server.dll QlmLicenseWizard.exe RoyalServer.ManagementEndpoint.Module.HyperV.dll Steam Client Service (buildbot_steam-relclient-win32-builder_steam_rel_client_win32@steam-relclient-win32-builder) WW.Cad.dll
Legal Copyright	(C) 2004-2024 Wout Ware Copyright (C) 2016-2024 Copyright (C) 2016-2026 Copyright (C) Valve Corporation Copyright © 2012-2025 Copyright © 2025, Royal Apps GmbH, Austria
Original Filename	Diagnostics.dll Gaea.Engine.dll Gaea.Nodes.dll Gaea.Server.dll QlmLicenseWizard.exe RoyalServer.ManagementEndpoint.Module.HyperV.dll SteamService.exe WW.Cad.dll
Product Name	CadLib Diagnostics Gaea.Engine Gaea.Nodes Gaea.Server Quick License Manager Wizard for .NET4 RoyalServer.ManagementEndpoint.Module.HyperV Steam Client Service
Product Version	19.1.25349.2 7.03.50701.0-Branch.ts-publish-tc-v7.03.50701.0-t1036.Sha.a4f65b0d6a964462978e7c1e65eca5bb08c12540+a4f65b0d6a964462978e7c1e65eca5bb08c12540 4.0.2024.7021 2.2.8.0+676bbbf903a18c74c5cad5f52861f53cc1570926 2.2.6.0+3297f72b2f6e83966dfa2dfba877992e9616678a 2.2.3.2+5b3e0dfb42692837700402f79ab921c6803df370 2.2.2.0+ffca12da22397babd9ebeedc52c59eaf1e5cc435 2.2.1.0+d336b92d765ac39e80d6c8fa88eaf9861f1eeb35 2.2.0.3+7ba0c35a3be755c0f3881c778f9ac73e248678ce 2.2.0.0+50e62025c43112e8b5bd81d6c08596074ef6ee8f Show More 2.0.4.2+6e5a5654e76daca2c0fda1af54bf785f44a252cb 01.00.00.01
Source Control I D	8631184

Digital Signatures

Signer	Root	Status
Valve Corp.	DigiCert Trusted Root G4	Hash Mismatch
QuadSpinner	SSL.com Code Signing Intermediate CA ECC R2	Self Signed
Soraco Technologies Inc.	SSL.com Code Signing Intermediate CA ECC R2	Self Signed

File Traits

.NET
babel
big overlay
dll
HighEntropy
Installer Manifest
NewLateBinding
x64
x86

Block Information

Total Blocks:	13,159
Potentially Malicious Blocks:	253
Whitelisted Blocks:	4,205
Unknown Blocks:	8,701

Visual Map

? ? ? ? 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? x 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? x ? ? ? ? 0 0 0 x ? x ? x x x ? ? x ? x x ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 ? ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? 0 0 ? ? 0 ? ? ? ? 0 0 0 ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 ? 0 0 ? 0 0 ? ? ? ? ? 0 ? 0 0 0 ? 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? ? ? ? ? 0 ? x ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 x ? ? 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 x ? 0 ? ? 0 0 x ? 0 ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? 0 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 ? 0 0 x ? ? ? ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 ? 0 ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? x ? ? 0 ? x x 0 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 ? ? ? ? 0 ? 0 0 ? ? ? ? 0 ? 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? 0 0 0 ? ? 0 0 ? ? 0 ? ? ? ? ? ? 0 ? ? 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 x ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 ? 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 ? x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? ? ? ? 0 ? ? 0 0 ? 0 0 ? 0 ? ? 0 ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? ? ? 0 ? 0 0 ? ? ? x ? x ? x ? 0 ? 0 0 0 ? ? ? ? 0 0 0 0 0 x ? ? ? ? 0 0 ? 0 ? 0 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 0 ? ? ? 0 ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? x ? ? ? 0 ? 0 ? ? 0 ? ? ? 0 0 0 0 ? 0 ? ? ? ? 0 0 0 ? ? ? 0 0 0 0 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 x ? ? 0 x ? ? 0 0 0 0 ? ? ? ? 0 0 0 ? ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 0 x ? 0 ? ? ? 0 0 0 ? ? 0 0 0 ? 0 ? ? ? 0 0 ? ? 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? x ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 x ? 0 ? ? ? 0 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? x 0 ? ? 0 0 ? ? 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? 0 ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? x 0 0 ? 0 0 ? 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? x ? x ? 0 ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? 0 ? ? 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? ? 0 ? 0 0 ? ? ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? ? ? 0 0 ? 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Agent.HGF
MSIL.Downloader.Tiny.UA
MSIL.Dropper.SE
MSIL.Krypt.TDB
MSIL.Krypt.YACB

MSIL.Redline.RC
MSIL.Redline.RD

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant Show More ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal win32u.dll!NtUserBuildHwndList win32u.dll!NtUserCallTwoParam win32u.dll!NtUserCreateEmptyCursorObject win32u.dll!NtUserCreateWindowEx 30 additional items are not displayed above.
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Other Suspicious	AdjustTokenPrivileges

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

HEUR.Malware.Babel.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Isafe-net.com

Trojan.Downloader.Waledac.C

Email Deliverability Alert Email Scam

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen