PUP.BadJoke.PG
Table of Contents
Analysis Report
General information
| Family Name: | PUP.BadJoke.PG |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
3f88af2ff6c929380294ea6b406de9aa
SHA1:
f95a0fa62b803094ce969b37364e3aa1d8079c52
SHA256:
7A8BA863B86526B5AA7EB5EFEA18415162AEF77A8CB1F2C328BF42EDD3853B39
File Size:
7.78 MB, 7776680 bytes
|
|
MD5:
f3319e077821a570a0192f3dad703296
SHA1:
a16327b694085a4dec773938a38bc549d7193c6f
SHA256:
F36AE1E772B4A7E4A54803ABC23EA5800DC68804079A41799C1EF3E71B09230D
File Size:
7.25 MB, 7246723 bytes
|
|
MD5:
7671e25ff8f1b8e884fd35bdc2b5ffcf
SHA1:
481c6db2efb156aa46d99b02be519a362a43a6bc
SHA256:
3B0B01232BDE3E033B4E2FC05261E5BB1A73CEE7238075CDEF6A83649F1DB583
File Size:
9.21 MB, 9214013 bytes
|
|
MD5:
2d480b6a0e67fc2eabd57f7cc1ff5e1f
SHA1:
9b7e9800004beb513aeae1499d7dc6956d128458
SHA256:
2CFE31839810AAE617E8E1CDDA045670FDDDAEB59CD50C3FC4AECBAF175F046A
File Size:
7.66 MB, 7658984 bytes
|
|
MD5:
5c6f46b52b07f2255022bdf6e524190e
SHA1:
78b3deabff41b20af47c23c6ed91739e111405ea
SHA256:
92121DBBD29B667A520DBE2058303E07FF383976CCB8AB360656F3A5AA6E8DB0
File Size:
5.65 MB, 5649700 bytes
|
Show More
|
MD5:
d22d4c1e29a7a80a8c902fa0c94bbebb
SHA1:
394625c48cf2cb000cdaeb26a3171ebab30f2d58
SHA256:
D535C15D6910F99F2C2F1C837567C14A57DD601FDCED6716C97F0910BD50D195
File Size:
6.70 MB, 6698774 bytes
|
|
MD5:
3924ad878bd22fdfe5623df44cd9ec65
SHA1:
ba857ebd5dc755f6a694400e49fa839573f5b202
SHA256:
67621B75460DA03AC84F932B34818424A3A2368C73AB24F37824FF8A8E05B454
File Size:
2.06 MB, 2063692 bytes
|
|
MD5:
4319345dedfe50b7efea004e0123f831
SHA1:
97c0366a31b1cdc0548170d33024c6483fc748e3
SHA256:
50A739948F01ABD7B5901FBFA568426ABA97F9DE082FB83F4C786E9079E5F392
File Size:
1.95 MB, 1948288 bytes
|
|
MD5:
f8cdb901add99c406115074afbf44044
SHA1:
709f42ab8859fa6a55b0413fbc20e328a77d9fc2
SHA256:
68CAEB24126EB199C13667DAD5522880172BE7C5F2BFF05E787E5334A5BDAEBE
File Size:
8.30 MB, 8297043 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Original Filename |
|
| Product Name |
|
| Product Version |
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| Akeo Consulting | Sectigo Public Code Signing Root R46 | Hash Mismatch |
File Traits
- big overlay
- HighEntropy
- No Version Info
- Py-installer
- x64
- zlib (In Overlay)
- zlib overlay
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 866 |
|---|---|
| Potentially Malicious Blocks: | 4 |
| Whitelisted Blocks: | 862 |
| Unknown Blocks: | 0 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
x
x
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\_mei10842\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\npd_suite_open.bat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\select.pyd | Generic Write,Read Attributes |
Show More
| c:\users\user\appdata\local\temp\_mei10842\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11922\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\npd_suite_open.bat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei13042\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\_wmi.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\psutil\_psutil_windows.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\python3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei16882\vcruntime140_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18442\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\npd_suite_open.bat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19602\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei25722\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\npd_suite_open.bat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei27522\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei2922\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei29922\libcrypto-3.dll | Generic Write,Read Attributes |
2338 additional files are not displayed above.
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Process Shell Execute |
|
| Process Manipulation Evasion |
|
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
Show More
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680 "c:\users\user\downloads\f95a0fa62b803094ce969b37364e3aa1d8079c52_0007776680"
|
c:\users\user\downloads\a16327b694085a4dec773938a38bc549d7193c6f_0007246723 "c:\users\user\downloads\a16327b694085a4dec773938a38bc549d7193c6f_0007246723"
|
c:\users\user\downloads\9b7e9800004beb513aeae1499d7dc6956d128458_0007658984 "c:\users\user\downloads\9b7e9800004beb513aeae1499d7dc6956d128458_0007658984"
|
c:\users\user\downloads\709f42ab8859fa6a55b0413fbc20e328a77d9fc2_0008297043 "c:\users\user\downloads\709f42ab8859fa6a55b0413fbc20e328a77d9fc2_0008297043"
|
