PUP.HackKMS.LA

Analysis Report

General information

Family Name: PUP.HackKMS.LA
Signature status: No Signature

Known Samples

File Size: 20.01 KB, 20008 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File is 64-bit executable
  • File is driver (IMAGE_SUBSYSTEM_NATIVE)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • dll
  • ntdll
  • x64

Block Information

Total Blocks: 42
Potentially Malicious Blocks: 38
Whitelisted Blocks: 4
Unknown Blocks: 0

Visual Map

x x x x x x 0 x x 0 x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • HackKMS.LA

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
