PUP.HackKMS.AW
Analysis Report
General information
| Family Name: | PUP.HackKMS.AW |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 8 |
|---|---|
| Potentially Malicious Blocks: | 8 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 0 |
Visual Map
x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- HackKMS.AW
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use |