PUP.Keygen.FAC
Analysis Report
General information
| Family Name: | PUP.Keygen.FAC |
|---|---|
| Packers: | UPX |
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | |
| Original Filename | |
| Private Build | |
| Product Name | |
| Product Version | |
| Special Build | |
File Traits
- big overlay
- HighEntropy
- Installer Version
- packed
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 2,833 |
|---|---|
| Potentially Malicious Blocks: | 754 |
| Whitelisted Blocks: | 2,079 |
| Unknown Blocks: | 0 |
Visual Map
[Block map not reproduced; data truncated]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Keygen.FAC
- Keygen.FH
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.
| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 501a1be8d46745bbf9452e284f43520418506ce6_0000588241.exe | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id | ∌䜻 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | b067e91576d3d6c67cd66d541ed209d1a02d9901_0000848085 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | be1b02272953b1c2c29f4f47947623ac91d90eae_0000866627 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 111ab504d77fe862056a6359a775e775a0092f92_0001144136 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id | ⓤ䜻 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 00a774517eeffd576790844972b48bef306cc621_0000578610 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id | 剄䍯 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 72dafc290761749de5b11b20f07a36e8e002d32e_0000666085 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | fc5d506e1b7dbf8bfb6db40e68e4d1b8f71b164a_0000538745 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | fa2231ebf0bd826a53317ef7a85d0e0e5e8eb3dc_0000540628 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 56eb42c0db0ff86502c94616f8a1445a8171dfa3_0000522816 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 3693b80c420e1f172757d691badb25fb60e0a01a_0000530182 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 717db05fac12e1ece5f1d5a8eff8ffb0eecc0b2a_0000566379 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 00225889d68780fe8b3761e1b80dbcd5d21b77bc_0000611707 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 4beda80d8a13a03d58e2c7b3dca7f07e4d5b4587_0001097956 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | acc061434bdffbfaa432a0d201dcccb9cf9cf4fd_0001196930 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | fc30de1c16ca1690b370c4e301f2a919458288b0_0000589827 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 1dc008896a2b4e89caf81a93715007dc91756b5d_0000730598 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 32df786ce1e76a3a069757d8644046e1b095a1a0_0000833390 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 76097a2a8bbad657428b7a1eda5153284e6b7003_0001118031 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | b9a2b25650a5c5747854016c0d347eb8570b8850_0000643655 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | b4f04b861f7a57aa70b3c997327dd4a8a2d6b9cb_0000593754 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 0bb3ad102d09797e464479e7a09a0a4f9d309480_0000641506 | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |