PUP.BadJoke.PHA
Analysis Report
General information
| Family Name: | PUP.BadJoke.PHA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | Analysis Engine |
| Legal Copyright | |
| Original Filename | analysis engine.exe |
| Product Name | |
| Product Version | |
File Traits
- big overlay
- GetConsoleWindow
- HighEntropy
- No Version Info
- Py-installer
- x64
- zlib (In Overlay)
- zlib overlay
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 878 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 878 |
| Unknown Blocks: | 0 |
Visual Map
[Visual block map image not reproduced; legend follows.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- CobaltStrike.XAA
- Downloader.Agent.N
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\_mei10682\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-fibers-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10682\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_asyncio.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_multiprocessing.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_overlapped.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_uuid.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-fibers-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-fibers-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-kernel32-legacy-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-sysinfo-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\libffi-7.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\libssl-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\pyexpat.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\python310.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\installer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\license | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\metadata | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\record | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\requested | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\top_level.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets-13.0.1.dist-info\wheel | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\websockets\speedups.cp310-win_amd64.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_asyncio.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_multiprocessing.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_overlapped.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_uuid.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-fibers-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-fibers-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-kernel32-legacy-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-sysinfo-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\libffi-7.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\libssl-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\pyexpat.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\python310.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\installer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\license | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\metadata | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\record | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\requested | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\top_level.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets-13.0.1.dist-info\wheel | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\websockets\speedups.cp310-win_amd64.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11442\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11442\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11442\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11442\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11442\_socket.pyd | Generic Write,Read Attributes |
7025 additional files are not displayed above.
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
| Process Manipulation Evasion | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.