Trojan.Agent.BNE

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,530
Threat Level: 80 % (High)
Infected Computers: 326
First Seen: September 5, 2024
Last Seen: April 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.BNE
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 5.23.3.8770
  • 5.5.0.5
  • 4.0.0.1
  • 1.7.7.11
  • 1.0.0.0
Build ID 20230707010101
Comments
  • Apowersoft Video Editor Pro
  • A program to record music of several streaming services
  • Database Compare is a powerful tool to help organizations automate change management and analysis for critical Access databases.
  • Download videos from Internet
  • http://www.internetdownloadmanager.com
  • The ultimate PDF optimizer tool
  • VOVSOFT
Company Name
  • Abelssoft
  • Allavsoft Corporation
  • Apowersoft
  • Ashampoo GmbH & Co. KG
  • BitTorrent Limited
  • ByteDance Pte. Ltd.
  • Digital Wave Ltd
  • DsNET
  • EasyCut Pro
  • EdrawSoft
  • JetAudio, Inc.
  • Microsoft
  • ModelMaker Tools - SimpleApps
  • Mozilla Corporation
  • ORPALIS
  • PDFCompressor.net
  • PDF Password Remover
  • SoftColor Oy
  • SoftMaker Software GmbH
  • Tonec Inc.
  • Ulead Systems, Inc.
  • VOVSOFT
Control Key 001100
File Description
  • Apowersoft Video Editor Pro
  • Ashampoo PDF
  • aTube Catcher to download and convert videos.
  • ByClickDownloader
  • CapCut
  • Compress Scanned PDF and reduce the PDF file size.
  • Database Compare
  • EasyCut Pro
  • EdrawMax
  • Free YouTube Download
  • Internet Download Manager (IDM)
  • jetAudio
  • ORPALIS PDF Reducer 4
  • PDF Password Remover
  • PDF Reader
  • PhotoImpact Album
  • PingPlotter
  • Recordify
  • SimpleMind Pro
  • spydetector
  • TextMaker
  • Tor Browser
  • video downloader converter
  • µTorrent
File Version
  • 2024,0,1206,0
  • 102.12.0
  • 12.5.2.1013
  • 12.0
  • 10.10.2305.0
  • 8, 1, 10, 22000
  • 7.06.0001
  • 7.06
  • 6, 42, 47, 2
  • 6, 42, 19, 2
  • 6, 42, 12, 3
  • 6, 42, 5, 3
  • 6, 41, 17, 3
  • 5.109
  • 5.23.3.8770
  • 5.7.0.2112
  • 5.6.0.0
  • 5.5.0.5
  • 5.04.0001
  • 4.0.0.1
  • 4,3,85,109
  • 3.27.9.9194
  • 3.27.3.8957
  • 3.25.3.8405
  • 3.6.0.47196
  • 3.6.0.47134
  • 3.6.0.47120
  • 3.08.9961
  • 3.0.4.0
  • 2.8.0.6584
  • 1.7.7.11
  • 1.0.0.0
IEDIT3 IEDIT.EXE
Internal {6634D2EB-6400-5F80-0218-A0BB908F347E}
Internal Name
  • ALBUM
  • Apowersoft Video Editor.exe
  • ByClickDownloader.exe
  • CapCut
  • DatabaseCompare.exe
  • EasyCut Pro
  • EdrawMax
  • FreeYTVDownloader.exe
  • Internet Download Manager
  • jetAudio
  • PDFCompressor
  • PDF Reader
  • pdfReducer.exe
  • PingPlotter.exe
  • PPR
  • Recordify.exe
  • TextMaker
  • Tor Browser
  • uTorrent.exe
  • yct
Legal Copyright
  • Ashampoo GmbH & Co. KG
  • Copyright (c) 1987-2023 by SoftMaker Software GmbH and its licensors
  • Copyright (c) 1992-2006. Ulead Systems, Inc.
  • Copyright (C) 2001-2022 JetAudio, Inc.
  • Copyright (C) 2022 ByteDance Pte. Ltd.
  • Copyright (C) 2023 Allavsoft Corporation
  • Copyright (C) 2023 EdrawSoft. All rights reserved.
  • Copyright (C) 2024 Allavsoft Corporation
  • Copyright (C) 2025 Allavsoft Corporation
  • Copyright 2002-2025, ModelMaker Tools BV
  • Copyright 2021
  • Copyright 2021 Digiarty Software, Inc.
  • Copyright © 2008-2021 Apowersoft Ltd. All rights reserved
  • Copyright © 2016
  • Copyright © Abelssoft
  • Copyright© Microsoft 2008-2011
  • Copyright © ORPALIS 2011-2022
  • Copyright © Pingman Tools, LLC 1998-2021
  • Diego Uscanga
  • PDF Compressor
  • Tonec FZE, Copyright © 1999 - 2023
  • Tonec FZE, Copyright © 1999 - 2024
  • Tonec FZE, Copyright © 1999 - 2025
  • VOVSOFT
  • © 2006-2022 Digital Wave Ltd
  • ©2023 BitTorrent Limited All Rights Reserved.
  • ©Firefox and Mozilla Developers; available under the MPL 2 license.
Legal Trademarks
  • Apowersoft
  • Firefox is a Trademark of The Mozilla Foundation.
  • Internet Download Manager
  • ORPALIS PDF Reducer
  • Ulead Systems, MediaStudio, and PhotoImpact are registered trademarks of Ulead Systems, Inc.
  • VOVSOFT
Legal Trademarks1 All rights reserved
Legal Trademarks2 EdrawMax
ORDERURL http://www.ulead.com/push/pi/beforebuy.htm
Official Build 1
Original Filename
  • ALBUM.EXE
  • Apowersoft Video Editor.exe
  • ByClickDownloader.exe
  • CapCut
  • DatabaseCompare.exe
  • EasyCut Pro.exe
  • EdrawMax.exe
  • firefox.exe
  • FreeYTVDownloader.exe
  • IDMan.exe
  • JetAudio.exe
  • PDFCompressor.exe
  • pdfreader.exe
  • pdfReducer.exe
  • PingPlotter.exe
  • PPR.exe
  • Recordify.exe
  • TextMaker.exe
  • uTorrent.exe
  • videoconverter.exe
  • VideoProcConverter.exe
  • yct.exe
PDHOME http://www.ulead.com/PhotoImpact
PPURL http://www.ulead.com.tw/uleadAp/Push/doPush.cfm
Product ID 0
Product Name
  • Allavsoft
  • Ashampoo PDF
  • aTube Catcher
  • ByClickDownloader
  • CapCut
  • EasyCut Pro
  • EdrawMax
  • Enterprise Risk Manager
  • Free Studio
  • Internet Download Manager (IDM)
  • jetAudio
  • ORPALIS PDF Reducer 4
  • PDF Compressor
  • PDF Password Remover
  • PDF Reader
  • PingPlotter
  • Recordify
  • SimpleMindWin2
  • spydetector
  • TextMaker
  • Tor Browser
  • Ulead PhotoImpact
  • Video Editor Pro
  • VideoProc Converter
  • µTorrent
Product Version
  • 2024
  • 102.12.0
  • 12.5.2
  • 12.0.0.0
  • 8, 0, 0, 0
  • 7.06.0001
  • 7.06
  • 6, 42, 47, 2
  • 6, 42, 19, 2
  • 6, 42, 12, 3
  • 6, 42, 5, 3
  • 6, 41, 17, 3
  • 5.109
  • 5.23.3.8770
  • 5.7.0.2112
  • 5.6.0.0
  • 5.5.0.5
  • 5.04.0001
  • 4.5.0.0
  • 4.0.0.1
  • 4,3,85,109
  • 3.27.9.9194
  • 3.27.3.8957
  • 3.25.3.8405
  • 3.6.0.47196
  • 3.6.0.47134
  • 3.6.0.47120
  • 3.08.9961
  • 3.0.4.0
  • 2.8
  • 1.7.7.11
  • 1.0.0.0
Program ID
  • com.embarcadero.spydetector
  • com.modelmakertools.SimpleMindWin2
  • com.vovsoft.pdfreader
REGHOME http://www.ulead.com.tw
Section Album 12
Special Build
  • stable34 stable
  • {C86BD23A-6441-5A94-E318-82EC9098342D}
TSURL http://www.ulead.com.tw/uleadAp/Push/doPush.cfm
Thin App Build Date Time
  • 20210521 141224
  • 20211130 203706
  • 20211201 164004
  • 20211212 232414
  • 20220219 124650
  • 20220310 173324
  • 20220422 050919
  • 20220426 134924
  • 20220513 032152
  • 20220611 051012
  • 20220724 020408
  • 20221205 133117
  • 20230107 115603
  • 20230108 045127
  • 20230112 143413
  • 20230223 234301
  • 20230506 161837
  • 20230608 030108
  • 20230623 162444
  • 20230710 190609
  • 20230731 200835
  • 20230804 052224
  • 20230817 184203
  • 20230818 090826
  • 20231122 201453
  • 20240405 055156
  • 20240512 153003
  • 20240513 160146
  • 20240624 174942
  • 20240625 101914
  • 20240720 090202
  • 20240802 143621
  • 20240809 125940
  • 20250125 161622
  • 20250218 213041
  • 20250309 142920
  • 20250711 191918
  • 20250926 194230
  • 20251019 100316
  • 20251214 223431
Thin App License
  • 28KCP-704QY-L1352-0HUH3-CG2KV
  • Admin
  • AiOPortable
  • aTube Catcher
  • D1mar0n
  • DrZero
  • DrZero [DRZ]
  • Grand Admin
  • GrandAdmin
  • mt
  • MyPc
  • pol
  • ru-board
  • thehouseofportable.com
  • z
Thin App Version
  • 2503.0.0-207
  • 2312.0.0-23148499
  • 2212.0.0-21059475
  • 2206.0.0-20077476
  • 2111.0.0-18970417
  • 5.2.10-18278582
ULHOME http://www.ulead.com
Ulead Task {4490D223-6493-5666-C818-05BB900F34E9}

File Traits

  • big overlay
  • HighEntropy
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 687
Potentially Malicious Blocks: 2
Whitelisted Blocks: 685
Unknown Blocks: 0

Similar Families

  • Agent.BNE
  • MSIL.Bulz.LZ

Files Modified

File Attributes
c:\users\user\downloads Read Data,Execute,Read Attributes,Read extended,Write Attributes,Write extended
c:\users\user\downloads\data\dummytls\-3764.3780.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\data\dummytls\dummytls.dll Synchronize,Write Data
c:\users\user\downloads\data\dummytls\dummytls64.dll Synchronize,Write Data
c:\users\user\downloads\data\registry.rw.tvr Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\data\registry.rw.tvr.lck Synchronize,Write Data
c:\users\user\downloads\data\registry.rw.tvr.lck.desktop-dlos3m3.ffffffff.eb4 Generic Write,Read Attributes
c:\users\user\downloads\data\registry.rw.tvr.transact Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\data\registry.rw.tvr.transact Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\data\registry.tlog Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\data\registry.tlog.cache Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\data\skel\ptvvprvukjgmsinqqmomhqtllkunjhtmvkgvjqpu.tls Synchronize,Write Data
c:\users\user\downloads\data\skel\ptvvprvukjgmsinqqmomhqtllkunjhtmvkgvjqpu.tls-1456-6736.tls Generic Write,Delete

Windows API Usage

Category API
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
