PUP.Nuitika.B

Analysis Report

General information

Family Name: PUP.Nuitika.B
Signature status: No Signature

Known Samples

MD5: a9d0ebd5607dd095a592e084100fd103
SHA1: 16b46c2cf1559fac3ea91b27707b240755ec5017
SHA256: E2C90029B5E6267A38AF049E5A88460056B3D16B5C3C3E101D8D2DA7B2A14E02
File Size: 9.62 MB, 9622528 bytes

MD5: 04676bc7c77ae39f146b8f273667d38a
SHA1: 97e0f65e81301d4398fe5641f4861f79c92a1d42
SHA256: 17CAF92973D2F7D59087E5FD555FA4B1AA5D137A01C1FEED6D20880BDC82E29F
File Size: 7.12 MB, 7116800 bytes

MD5: bc7b6b9f0988d62af280ce95f8a174a3
SHA1: 320634752a885408e40bd059504843cfbbcd95ec
SHA256: 7A0C4879EE1908E13957B5D810A9D035340BA86B8BF184E5DE5B2C22F62ABB01
File Size: 4.76 MB, 4762448 bytes

MD5: da478fc77627c2b8ade47e2c299eec0b
SHA1: f53e93dbf85d57ba8941275162ed3b924bd42ec1
SHA256: 846662ECE44DEEC3B92E692701FBC20BAE29D9251A3FDCD1C49E2DB39BCA3C11
File Size: 7.43 MB, 7429120 bytes

MD5: caaf6a68e501b9f02c387378e142a8d2
SHA1: 36fbff7bf46c134fb78fca9438e806f701ab6620
SHA256: CA31A9902771401D9023847E656DBBC74B688EB33BED8FBB2A48AC178A6240CF
File Size: 9.47 MB, 9465344 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
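Every attribute in the list above is a direct read of the COFF file header and the optional header's data directories: the subsystem field, the IMAGE_FILE_DLL / IMAGE_FILE_EXECUTABLE_IMAGE characteristics, and whether the export, security (Authenticode certificate table), debug, TLS and CLR directories have a non-zero size. The script below is an added example, not part of this report or of any analysis tool; it derives the same checklist from raw bytes with only the Python standard library. The `build_test_pe` helper is a constructed, non-loadable PE32+ header (not one of the samples above) whose directory RVAs are placeholders, so the script runs offline; point it at a real file by passing a path.

```python
import struct

# IMAGE_DATA_DIRECTORY indices from the PE/COFF specification
DIR_EXPORT, DIR_SECURITY, DIR_DEBUG, DIR_TLS, DIR_CLR = 0, 4, 6, 9, 14
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def pe_attributes(data):
    """Derive the header-level attributes from raw PE bytes (stdlib only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The MSVC "Rich" header, when present, sits in the DOS stub before e_lfanew.
    has_rich = b"Rich" in data[0x40:e_lfanew]
    coff = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+: 64-bit optional header layout
        is64, count_off, dirs_off = True, 108, 112
    elif magic == 0x10B:      # PE32
        is64, count_off, dirs_off = False, 92, 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + count_off)[0]

    def directory(i):
        # (VirtualAddress, Size); a directory is "present" when its Size is non-zero
        if i >= ndirs:
            return (0, 0)
        return struct.unpack_from("<II", data, opt + dirs_off + 8 * i)

    return {
        "is_64bit": is64,
        "machine": machine,
        "subsystem": SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "has_rich_header": has_rich,
        "has_exports": directory(DIR_EXPORT)[1] != 0,
        "has_security_info": directory(DIR_SECURITY)[1] != 0,  # Authenticode certificate table
        "has_debug_info": directory(DIR_DEBUG)[1] != 0,
        "has_tls": directory(DIR_TLS)[1] != 0,
        "is_dotnet": directory(DIR_CLR)[1] != 0,               # CLR runtime header => .NET
    }


def describe(attrs):
    """Render the attributes in the checklist wording used by the report."""
    def has(flag, what):
        return "File %s %s" % ("has" if attrs[flag] else "doesn't have", what)
    kind = {"IMAGE_SUBSYSTEM_WINDOWS_CUI": "console", "IMAGE_SUBSYSTEM_WINDOWS_GUI": "GUI"}
    return [
        has("has_rich_header", '"Rich" header'),
        has("has_debug_info", "debug information"),
        has("has_exports", "exports table"),
        has("has_security_info", "security information"),
        has("has_tls", "TLS information"),
        "File is %s executable" % ("64-bit" if attrs["is_64bit"] else "32-bit"),
        "File is %s application (%s)" % (kind.get(attrs["subsystem"], "other"), attrs["subsystem"]),
        "File is %s application" % (".NET" if attrs["is_dotnet"] else "Native (NOT .NET)"),
        "IMAGE_FILE_DLL is %s inside PE header" % ("set" if attrs["is_dll"] else "not set"),
    ]


def build_test_pe(subsystem=3, tls=True, signed=False, rich=False):
    """Constructed minimal PE32+ header (no sections, not loadable) for exercising the parser."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x60:0x64] = b"Rich"                    # fake Rich signature in the DOS stub
    ndirs = 16
    opt_size = 112 + 8 * ndirs
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, IMAGE_FILE_EXECUTABLE_IMAGE)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 108, ndirs)
    dirs = {DIR_TLS: (0x3000, 0x28)} if tls else {}   # RVAs are placeholders
    if signed:
        dirs[DIR_SECURITY] = (0x9000, 0x1800)
    for i, (va, size) in dirs.items():
        struct.pack_into("<II", opt, 112 + 8 * i, va, size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe()
    for line in describe(pe_attributes(data)):
        print("  •", line)
```

A non-zero security directory only says a certificate table is attached; it says nothing about who signed or whether the chain validates, which is why the self-signed carliv.eu signer further down still counts as "has security information". The contradictory subsystem lines in the list above (both CUI and GUI) are what you get when a family page aggregates several samples; run the script per sample to see which is which.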

File Icons

Windows PE Version Information

File Description: miner.exe
File Version: 1.0.2.2
Internal Name: miner
Original Filename: miner.exe
Product Name: miner
Product Version: 1.0.2.2

Digital Signatures

Signer: carliv.eu
Root: carliv.eu
Status: Self Signed

File Traits

  • HighEntropy
  • No Version Info
  • x64

Block Information

Total Blocks: 403
Potentially Malicious Blocks: 98
Whitelisted Blocks: 305
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 x x 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 x 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 x x 0 0 0 x x 0 0 0 0 x 0 0 x 0 0 0 0 x x x x 0 x 0 0 0 0 x 0 x x 0 0 0 0 x x x x x x x x 0 x 0 x 0 0 x x 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x 0 x 0 0 0 0 x x x x x x x x 0 0 0 0 x x x x x 0 x 0 0 x 0 x 0 x 0 0 x x 0 x x x 0 x x x x 0 x 0 0 0 x x x 0 x x 0 x x 0 0 x x 0 0 x 0 0 x 0 0 0 0 0 x 0 0 x 0 x x 0 0 x x 0 0 x x x 0 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Mimikatz.CR
  • Mimikatz.KA
  • Mimikatz.KB
  • Mimikatz.KC
  • Mimikatz.KD
  • Mimikatz.RA
  • Mimikatz.RD
  • Nuitika.A
  • Nuitika.B

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_asyncio.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_multiprocessing.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_overlapped.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_queue.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_ssl.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\libcrypto-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\libffi-7.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\libssl-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\mango_lite_parser.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyexpat.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\1943____.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\1row.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\3-d.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\3d-ascii.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\3d_diagonal.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\3x5.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\4max.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\4x4_offr.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\5lineoblique.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\5x7.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\5x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\64f1____.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\6x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\6x9.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\a_zooloo.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\acrobatic.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\advenger.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\alligator.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\alligator2.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\alpha.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\alphabet.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_3_line.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_3_liv1.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_aaa01.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_neko.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_razor.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_razor2.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_slash.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_slider.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_thin.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_tubes.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\amc_untitled.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\ansi_regular.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\ansi_shadow.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\aquaplan.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\arrows.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\asc_____.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\ascii___.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\ascii_new_roman.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\assalt_m.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\asslt__m.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\atc_____.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\atc_gran.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\avatar.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\b1ff.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\b_m__200.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\banner.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\banner3-d.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\banner3.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\banner4.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\barbwire.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\basic.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\battle_s.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\battlesh.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\baz__bil.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bear.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\beer_pub.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bell.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\benjamin.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\big.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\big_money-ne.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\big_money-nw.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\big_money-se.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\big_money-sw.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bigchief.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bigfig.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\binary.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\block.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\blocks.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\blocky.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bloody.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bolger.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\braced.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bright.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\brite.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\briteb.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\britebi.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\britei.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\broadway.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\broadway_kb.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bubble.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bubble__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bubble_b.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\bulbhead.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\c1______.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\c2______.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\c_ascii_.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\c_consen.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\calgphy2.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\caligraphy.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\calvin_s.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cards.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\catwalk.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\caus_in_.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\char1___.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\char2___.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\char3___.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\char4___.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charact1.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charact2.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charact3.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charact4.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charact5.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charact6.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\characte.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\charset_.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\chartr.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\chartri.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\chiseled.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\chunky.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clb6x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clb8x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clb8x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cli8x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr4x6.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr5x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr5x6.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr5x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr6x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr6x6.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr6x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr7x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr7x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr8x10.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\clr8x8.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\coil_cop.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\coinstak.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cola.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\colossal.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\com_sen_.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\computer.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\contessa.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\contrast.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\convoy__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cosmic.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cosmike.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cour.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\courb.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\courbi.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\couri.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\crawford.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\crawford2.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\crazy.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cricket.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cursive.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cyberlarge.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cybermedium.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cybersmall.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\cygnet.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\d_dragon.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\danc4.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\dancing_font.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\dcs_bfmo.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\decimal.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\deep_str.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\def_leppard.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\defleppard.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\delta_corps_priest_1.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\demo_1__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\demo_2__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\demo_m__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\devilish.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\diamond.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\diet_cola.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\digital.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\doh.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\doom.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\dos_rebel.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\dotmatrix.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\double.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\double_shorts.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\drpepper.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\druid___.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\dwhistled.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\e__fist_.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\ebbs_1__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\ebbs_2__.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\eca_____.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\efti_robot.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\eftichess.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\eftifont.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\eftipiti.flf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\eftirobot.flf Generic Write,Read Attributes

2775 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUpdateWnfStateData
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\Users\Yeziohpr\AppData\Local\Temp\onefile_3968_134078570868895158\Gamebato-updater.exe c:\users\user\downloads\16b46c2cf1559fac3ea91b27707b240755ec5017_0009622528
c:\users\user\downloads\97e0f65e81301d4398fe5641f4861f79c92a1d42_0007116800 c:\users\user\downloads\97e0f65e81301d4398fe5641f4861f79c92a1d42_0007116800
C:\Users\Wlzjjxbs\AppData\Local\Temp\onefile_7596_134123906552151196\avbtool.exe "c:\users\user\downloads\320634752a885408e40bd059504843cfbbcd95ec_0004762448"
C:\Users\Goxusaou\AppData\Local\Temp\onefile_3216_134122921019558945\miner.exe c:\users\user\downloads\f53e93dbf85d57ba8941275162ed3b924bd42ec1_0007429120
C:\Users\Qpsotkmh\AppData\Local\Temp\onefile_2992_134183038581266574\server_retriever.exe "c:\users\user\downloads\36fbff7bf46c134fb78fca9438e806f701ab6620_0009465344"
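The extraction directory in the Files Modified table, `%TEMP%\onefile_<pid>_<timestamp>\`, is Nuitka's default onefile temp-dir layout: the bootstrap unpacks the bundled CPython runtime (`_socket.pyd`, `_ssl.pyd`, `libcrypto-1_1.dll`, ...) and then starts the compiled program from that directory, which is exactly what the Shell Command Execution table shows, with a different child name per sample (Gamebato-updater.exe, avbtool.exe, miner.exe, server_retriever.exe) and the original sample path on the child's command line. The script below is an added example, not part of this report or of any vendor's detection logic; it correlates file-write and process-start events by onefile directory and emits a triage label. The `file_write` / `proc_start` line format and the sample events are constructed for this example, modelled on the two tables (the `miner.exe` launch is placed in the same directory as the drops so the sample is self-consistent). Nuitka is a legitimate compiler, so the output is a review signal, not a verdict.

```python
import re
from collections import defaultdict

# Nuitka's onefile bootstrap unpacks its payload into %TEMP%\onefile_<pid>_<timestamp>\
# and then starts the real program from there; the pattern, not the child's name, is the signal.
ONEFILE_DIR = re.compile(r"\\temp\\(onefile_(\d+)_(\d+))\\", re.IGNORECASE)
# Bundled CPython runtime pieces that show the payload is a frozen Python program.
PY_RUNTIME = re.compile(
    r"\\(python\d+\.dll|[^\\]+\.pyd|libcrypto-[\w.]+\.dll|libssl-[\w.]+\.dll)$", re.IGNORECASE)

# Constructed sample events in an assumed 'kind path [cmdline]' format, modelled on the
# Files Modified and Shell Command Execution tables above (not a real sandbox log).
SAMPLE_EVENTS = [
    r"file_write c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_socket.pyd",
    r"file_write c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\_ssl.pyd",
    r"file_write c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\libcrypto-1_1.dll",
    r"file_write c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\pyfiglet\fonts\3-d.flf",
    r"proc_start c:\users\user\appdata\local\temp\onefile_1020_134105971603672152\miner.exe "
    r"c:\users\user\downloads\f53e93dbf85d57ba8941275162ed3b924bd42ec1_0007429120",
    r"file_write c:\users\user\appdata\local\temp\unrelated\setup.log",
]


def parse_event(line):
    """Split one log line into a dict; returns None for kinds this example does not model."""
    kind, _, rest = line.strip().partition(" ")
    if kind == "file_write":
        return {"kind": kind, "path": rest}
    if kind == "proc_start":
        image, _, cmdline = rest.partition(" ")
        return {"kind": kind, "image": image, "cmdline": cmdline}
    return None


def find_onefile_stagers(events):
    """Group drops and launches by onefile directory; returns {dir_name: finding}."""
    findings = defaultdict(lambda: {"pid": None, "dropped": 0, "python_runtime": set(), "launched": []})
    for ev in events:
        if ev is None:
            continue
        target = ev["path"] if ev["kind"] == "file_write" else ev["image"]
        m = ONEFILE_DIR.search(target)
        if not m:
            continue
        f = findings[m.group(1).lower()]
        f["pid"] = int(m.group(2))            # the bootstrap process's PID is baked into the dir name
        if ev["kind"] == "file_write":
            f["dropped"] += 1
            r = PY_RUNTIME.search(target)
            if r:
                f["python_runtime"].add(r.group(1).lower())
        else:
            f["launched"].append((target.rsplit("\\", 1)[-1], ev["cmdline"]))
    return dict(findings)


def classify(finding):
    """Triage label with reasons. Nuitka is a legitimate compiler: this is a review signal, not a verdict."""
    reasons = []
    if finding["launched"]:
        reasons.append("program launched from the onefile extraction directory")
    if {"_socket.pyd", "_ssl.pyd"} <= finding["python_runtime"]:
        reasons.append("bundled Python network stack (_socket/_ssl)")
    if any("\\downloads\\" in cmd.lower() for _, cmd in finding["launched"]):
        reasons.append("child command line carries the original sample path")
    return ("review", reasons) if reasons else ("info", ["onefile extraction only"])


if __name__ == "__main__":
    for name, finding in find_onefile_stagers(parse_event(l) for l in SAMPLE_EVENTS).items():
        label, reasons = classify(finding)
        print("%s pid=%s dropped=%d launched=%s -> %s: %s" % (
            name, finding["pid"], finding["dropped"],
            [x for x, _ in finding["launched"]], label, "; ".join(reasons)))
```

The same two regexes translate directly into an EDR query over file-create and process-create telemetry. Keying on the directory pattern rather than the child's file name is what keeps the rule stable across the four differently named children in the table above; the PID embedded in the directory name also lets you tie the drops back to the bootstrap process in process-tree views.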
