
Trojan.Agent.KFR

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Agent.KFR
Signature status: No Signature

Known Samples

MD5: 61893883a9f2e60d28bf24f46b72a715
SHA1: 98655baf4bb88e1ae48dbd4d6df60b979e6d9a6e
File Size: 2.93 MB, 2926592 bytes
MD5: 21597ec6477a729d5d85bc78fe991286
SHA1: 24e155b4b3e510e9eb1b0eb943afd24e729db56e
SHA256: 6B0E289D17F38DB67FA9C2FB846CA7394443F6BB997E9EE0BC286B86B9E640FD
File Size: 2.31 MB, 2308608 bytes
MD5: 0c60b8c71008328f9e2c9410a7127be0
SHA1: 0fb2a6949c2990ff434aecd02eeb562ce403b36a
SHA256: CE79F6F97BA814CAB94D73F7099979BB989F2A72150E010CAB8A45DD2B1E7C80
File Size: 2.00 MB, 2000384 bytes
MD5: 4fed657fe051289756074ce94018f4fb
SHA1: f605b5b50c7f192490f71f2ffbf96ebf5a69e1bd
SHA256: 8DB6F84690A6AC78DAB62DE728C65170755987F8706CCE3979D62D677270FC69
File Size: 1.34 MB, 1338880 bytes
MD5: 2fe4658dc701199938000b9b78a97292
SHA1: 4a8891f97bfbb570193b17538efe853fd34ef36b
SHA256: 2DD458CE238192A57B5A020DCF14DBFBC8E51BDF6EBF5D3326BF79183B2C3EDD
File Size: 2.92 MB, 2917376 bytes
MD5: 6db0f3fe712b3e465f37d323946dac59
SHA1: 94cfb700806fb5d423c92c7ef4ff0d5eccffc07e
SHA256: 78AA42F8520884A1FCB121D8DF8CDA0BE81DE9CD0F0A05C3CD581B4C49ED8059
File Size: 1.46 MB, 1464320 bytes
MD5: d2c946fcb4ca0f23c80c2990eb4f0ed2
SHA1: 1ce469f7677254b1eb3d79a28dfce25ea7465305
SHA256: FBB4AA12410E26A8AEB3F9437DE565EDD83121567D0FD709969F06257FB59341
File Size: 3.31 MB, 3314688 bytes
MD5: 06539f1edea3036cf70da4c8fbe9498c
SHA1: ad3b2dd78fda4f3c85a629ccf15fa2c54bb4de70
SHA256: EC9BD70592A92C297D14F33C2A5AF90DA20A2062F2F40277FBCE9467B31F68A3
File Size: 1.23 MB, 1230064 bytes
MD5: 84a2f10b49239d837e9d5c342025e828
SHA1: a6ddf97dc32213f52492fb93918013ad2682d5d3
SHA256: 3B76ADF2C5F1E79709428F6F524539531784EF5C6E3EFA85F7899EB202A05ACF
File Size: 2.29 MB, 2292224 bytes
MD5: bedecda5532078579cfa8dcca09dfe0e
SHA1: 03fa1944c6665d79cc824aa33c83b244d7cb2c0a
SHA256: 750796FC32A748CC6DA1016FBE90AD2B62880571AADF43500B7333348CE2AF43
File Size: 2.75 MB, 2752512 bytes
MD5: 588449dd5b4577808b567d07d93350dd
SHA1: 8a170642d6e70c859fef4f01911d5d81f37b4757
SHA256: 78D07571FDAA452967B25A1C0ACA258D813EAD609D30D11E13FD22DEBDF55FEF
File Size: 2.15 MB, 2146816 bytes
MD5: 01ddaacfc7d524f4740e5ff3bfd8ed24
SHA1: ff23a9d1d41d19de6f9ea18c467f24add882e591
SHA256: 629CA081D2BEA54D6288615A8187EE9B8534C26470604BD23080C30F15147D97
File Size: 5.10 MB, 5099520 bytes
MD5: 03bf26b5a804df98347872fdcb945260
SHA1: 9c0cbe57657e2f9f91b869868e8af099b3745ec0
SHA256: 0AAD023CBE1512FC4483F811DC60096DDD3BA0EBD777901963533AD55C12641F
File Size: 2.49 MB, 2489856 bytes
MD5: c8694ed497c950e3c250c316143b0935
SHA1: 38588626a7da59664296a6add0967f0871d929ee
SHA256: 81A6798D74A990EE59380B77C74841876DC8FEE51AE2E7FC09CCD92C44E2CAB6
File Size: 2.16 MB, 2160640 bytes
MD5: d4fce039d962601880307495a145ad77
SHA1: 9fb3dd20594b594e2b8e988505c953368aef71f5
SHA256: 21E63AE77BD1E04867451E3E7888772E8F9A65FC688D3B4A2AAF78DB6E8E8F34
File Size: 2.82 MB, 2819072 bytes
MD5: 5fb936a195c0f977dd17150d3aab043b
SHA1: 12579c4b3b3225b049f7783346ec2c1667b97527
SHA256: 57869C24C3F0F948CCA1C6DF6B38418C14CF20AFA599BCF5C4CC191982EC57BF
File Size: 2.62 MB, 2619392 bytes
MD5: 2782d98d8d87ea594b02c4df5e942673
SHA1: af70b3c5d4eb9746ead349f9e0ee98e2afb4d69a
SHA256: F2E8A4E0383E5A0F19A9716EF48E34CCD2EF17A76C004EAAA3A021B5B84D4941
File Size: 1.78 MB, 1780224 bytes
MD5: 9bab9f959e7c8aff4acd4a3aa97729dc
SHA1: 26b0f24d1e6018c1c90c548fd4c1b6f4dc60aa6f
SHA256: 9BFC152FDDA7D96A62066BD89B2BD1FBF5CEB20E7C07127889A1B67EF0806412
File Size: 2.83 MB, 2834944 bytes
MD5: 317cea2eb8711f94fd449b8af1efddf2
SHA1: 8c713c85749ba4418e3e973547b19da70d078c76
SHA256: 84682215D205E8BE03048153602E23742CD76E8E45EAA802A618D8DC81818D6D
File Size: 6.35 MB, 6351360 bytes
MD5: a48f078074db2ea7f4c86fa18e21eef2
SHA1: 1dbf42b8bee5fab987fa2ced325c2b17b1e4824a
SHA256: 534430BE58995DDB6AE40D929618550479958933BA11564873E3303A5375818E
File Size: 2.17 MB, 2174976 bytes
MD5: 742c29b66ccfc3be0750221ce46780f5
SHA1: b372259b636ae0bf17209d60c1ae62cdf2379510
SHA256: 6EA015E59A84A76F135B5ABDCDBDDB2513AF7948FAED6A54020B045CF0DD9A6D
File Size: 1.33 MB, 1333760 bytes
MD5: d3e801eebb4bdf63c29c52cf0bbe63be
SHA1: 32cc16722557652e68146b43fd2325a7bc06ce6c
SHA256: E3A7B36562E2E75FA6FFDD327C0FBBA9060E7FC57D877C61E311BE0E6130AC7A
File Size: 5.28 MB, 5283840 bytes
MD5: c5f09c4ea01bb995ffc6a665eb9e3879
SHA1: 5f69208f1ddefba47b9a944acb12378da0ad672a
SHA256: FCD72E64A8BE28DC2A4FED09B8D89BE964FF98E6588DE6DC36AE21F689548246
File Size: 5.66 MB, 5658624 bytes
MD5: b18c4f7ef40a8e60aa0a1b3c6b54e2c3
SHA1: 43f4f1cae3b20f0ab411cf8ace9660ab459f3643
SHA256: 935AA0DB21DF1A75EA835BC5B48064EE0429529E5250AEFA83C0249DC4A51841
File Size: 6.37 MB, 6370816 bytes
MD5: 3760f9e7520967a2128dee9ad7b7180d
SHA1: 205a9cec34dde526116fb848f22331e0dbdc61e9
SHA256: 6FAF545B6E7F569F53C342428A4ADCF2BC66834AA158CAA03DFDBB78F9BB2655
File Size: 1.48 MB, 1481728 bytes
MD5: be6748df7a82d2932d32dec646b36d88
SHA1: fcb47edaa0c8e038890b1361ed4d4e2abd35ec98
SHA256: B15A85320B024CCC42C3B5D1E4A1FFFFFECFAC27B9E3DC4AFF9849CCB6BF15C5
File Size: 2.30 MB, 2297856 bytes
MD5: 4ac2884dcb47b521ca72c71df69267bb
SHA1: c51477a168a8adf39b2a5cd52156d1b57cb8ad21
SHA256: 61DC3F1B2BBCE609D256C322A4379602DC78882CA8BA7B8B862D94B21FA37D8A
File Size: 2.70 MB, 2699776 bytes
MD5: da8b99c0996fbeb9a5ea0e81834cec92
SHA1: 1fd2703cdf4cb6fced0c14def030e150920992c1
SHA256: 311CF318FFA0F2EE4B6B3E1C0BFA6E79512F2E3ACBEE00BEA3E2796BD5246F0E
File Size: 5.08 MB, 5080576 bytes
MD5: 83878890dd1d02a65ef69b408c8f0c0e
SHA1: 1ffb0cb6bc1254d590996bb45c1756037cf136b6
SHA256: 959F4AD4BADBA3EC6FC869C5DC95738E321BC0CA6DE3BCEE7818276C118E2A0E
File Size: 1.35 MB, 1353216 bytes
MD5: fb8e1a5c9351361e3648badea105e7a6
SHA1: cc798323c53e1b547d00c140809e89db7b84b42c
SHA256: 555A571610BE6B881AAE4793F5518DABED019E27E574D1AA2B6EE5802F6E232A
File Size: 2.44 MB, 2444288 bytes
MD5: 111be6838ba447d58062c4d9708bd3aa
SHA1: 73bb8cde2353a848492bff02c46695ad266298a7
SHA256: 2416EE01A552F10108BAA0D465229CE37B6C04C02572503219E54247253397D6
File Size: 1.57 MB, 1569280 bytes
MD5: ee01d9ece828ca69aa0afe4995ddb462
SHA1: be582f5d6bec7c50f1a8a41d09c6b86c17ef270e
SHA256: 7C8315936A5406CC46DBFAB1CD7E53D366CA307E0B67A093AAFD60A296B9ACDC
File Size: 2.93 MB, 2928128 bytes
MD5: 9c37fba5f90bdf2741650619d0a2bf0b
SHA1: 04e71669b4792e870b8f4c0344ac4b24fc446a0b
SHA256: 4B5F2FFA60D630DEBA2157077998D686CCD7C206C1A7A4DA212459C12E5C83A1
File Size: 7.29 MB, 7286784 bytes
MD5: bda23c54c96bb7acc0870988d5a15931
SHA1: 26b7b362ccb7daa74ea989e8eac034672a7f5027
SHA256: D9DF6B577D313D82EE62ED14C570A67BD3CBF995A6592236D0CF1D81996F505F
File Size: 2.84 MB, 2841088 bytes
MD5: d476b3ec07be2721f2a139ed21631e3b
SHA1: a20859a96339854b7f9ecb75cb164dd2acabd18b
SHA256: 4271B3E35349E242298EF4735E60708167B6EBFE81DC7071C19AD9A78105E5D1
File Size: 3.81 MB, 3811840 bytes
MD5: 176d3dfd7e9087c53aea2b164fe69d63
SHA1: 35caf85d5526d310901b66340c7badb368fbc33c
SHA256: 388759592C832045C46CA22A255EFF99B04E3D105B0D30ECDC6BBEE545AE10AC
File Size: 7.52 MB, 7517184 bytes
MD5: f1becc5061e597f5e50b95ce1d6d7c54
SHA1: 605d0730a80e4c14d7aeefae1b7b239d25df0e65
SHA256: DBC7663042E6AEF581D13BC2159285CC5D2DBB4E658293BEC94B32A5C49007FC
File Size: 2.65 MB, 2653696 bytes
MD5: d3909a79d05b545a664dbcea2a27cf1d
SHA1: 002e3f58a4be772e01d65b4906b7e4d4e9c328f0
SHA256: 58F57958A9DBFDD166AF6DA686613B9F5BE74EE1871D0531CEC425970FEE5C1E
File Size: 9.97 MB, 9972736 bytes
MD5: c20dcd7342a0069c86534a5c53f4291d
SHA1: 53d10e583d65e1cad04a16f171cc6071c280b8e8
SHA256: CFB3EE3A1AC297E4F72B203AC00009CBBA17C1E1A8B1933175DE50DD5789579A
File Size: 3.86 MB, 3860992 bytes
MD5: b6244acda73f451be2ab6b6937df566f
SHA1: 1391a2a2426d83c1271438bfc1c339ad2ee485a4
SHA256: 338DA2E95F589146E3EB40093F20F7B9B0BFD9615A3FDA73939ADF09D5844F4E
File Size: 4.55 MB, 4548096 bytes
MD5: 2c66e586f0171f91780248058137117d
SHA1: 634c60fd7ea457ea210bf6d5ffcccba53e7df8a1
SHA256: E6963BAC2D8CA85F908580344CB910788007E46CA4742FAD16B821D262AE1085
File Size: 4.81 MB, 4808192 bytes
MD5: cf4697943d6fb1e71924780543aed60f
SHA1: 34ceee09766297788b4bab653ccea509a135891d
SHA256: 3F660E26DDD8E6B90AD9FFF23BB0C9A7755B82574F820FC4317D82CF3B5E5B06
File Size: 6.34 MB, 6342656 bytes
MD5: 36e8da65abb24e8221f7d6d810dda98b
SHA1: f299f6f29e0754392021e8b0242e016f029d48f3
SHA256: EF4E4956418DD0C8A2E4D3F60BE8371B874359AED30C9DB725776B4BAC2FF726
File Size: 1.36 MB, 1356288 bytes
MD5: 08e6a7ba6ed5fa1c0e60b0621adabab8
SHA1: 116965404683e8eb2d093e0814544009b23242a2
SHA256: 6B7D2C45AC7C58644103DB8914BF95450C4D44428A225AA814B13C0414A39A72
File Size: 6.82 MB, 6816768 bytes
MD5: 63564ac57a0d8f34311d0bc5eca8e1a7
SHA1: 4f77f6718f22cfea0760861beed47c8ffc4e6d02
SHA256: B95A57DCE2EE5BD0D223A321FE14393486FDA62E2C213648DB33A676F793BE25
File Size: 3.09 MB, 3091456 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Act-3D B.V.
  • ByteCorum
  • Kiero Hook
  • Path of Building Community
  • Synaptics
File Description
  • DragonBurn is one of the best CS2 kernel-mode read-only external cheats. It has a ton of features, full customization, and offset auto-update. Undetected by all anti-cheats except Faceit.
  • Library that hosts PoB Lua scripts
  • Lumion LiveSyncEngine®
  • OBS Studio
  • OpenAnimationReplacer
  • Synaptics Pointing Device Driver
File Version
  • 17.0.0.0
  • 4.00.43551-experimental
  • 3.7.9.3
  • 3.4.7.0
  • 3.0.0.0
  • 2.5-1505cff
  • 1.0.0.4
  • 1.0
Internal Name
  • DragonBurn.exe
  • Kiero
  • LiveSyncEngine.dll
  • OBS Studio
  • OpenAnimationReplacer
  • SimpleGraphic
Legal Copyright
  • Copyright (C) 2024 Kiero. All rights reserved.
  • Copyright (C) ByteCorum 2025
  • Copyright OBS Corporation. All rights are reserved within OBS Corporation.
  • GPLv3
  • © 2023 Act-3D B.V.
Legal Trademarks Kiero
Original Filename
  • DragonBurn.exe
  • LiveSyncEngine.dll
  • OBS.exe
  • SimpleGraphic.dll
Product Name
  • DragonBurn
  • Kiero
  • Lumion LiveSyncEngine®
  • OBS
  • OpenAnimationReplacer
  • Path of Building
  • Synaptics Pointing Device Driver
Product Version
  • 3169.31.0
  • 4.00.43551-experimental
  • 3.7.9.3
  • 3.4.7.0
  • 3.0.0.0
  • 2.5-1505cff
  • 1.0.0.0
  • 1.0

File Traits

  • CryptUnprotectData
  • Discord
  • dll
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • No Version Info
  • ntdll
  • Pastebin
  • VirtualQueryEx
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 3,955
Potentially Malicious Blocks: 300
Whitelisted Blocks: 3,487
Unknown Blocks: 168

Visual Map

? ? 0 ? 0 0 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x x 0 ? 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 x 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 x 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 ? 0 x ? x ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 x ? x x x x ? 0 x x x x x 0 0 0 0 0 0 0 x 0 0 x 0 0 ? 0 0 x 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 1 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 x x 0 0 x ? x 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x ? x x x x 0 0 x ? ? ? ? x 0 ? ? ? 0 x x x x 0 x x x 0 ? x x x 0 x ? x ? x 0 ? 0 0 0 0 0 x 0 0 0 0 0 0 0 1 0 0 x x 0 ? x x 0 0 x x x ? 0 ? ? ? x ? ? ? ? 0 ? 0 x ? ? 0 ? ? x x ? ? 0 0 x ? x ? 0 0 ? 0 0 ? x 0 0 ? 0 x 0 0 x 0 0 x x 0 x 0 x 0 0 0 0 0 0 0 x 0 ? 0 ? 0 0 0 x x x x 0 0 x 0 0 0 x x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 0 x x x 0 0 x x x x x x x x x 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 ? 
x x 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 0 0 x 0 0 0 0 1 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 x x 0 x 0 x x 0 0 0 0 0 0 0 x 0 x 0 0 x x 0 0 0 0 0 0 0 0 1 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x x 0 x x 0 0 x 1 x x 0 0 x 1 x x x 0 0 0 0 x 1 0 x 1 x 0 0 0 x 1 0 x 1 0 x 1 0 x 1 0 x 1 0 x 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 x 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x x 0 0 0 0 x 0 x 0 0 0 0 0 0 ? x 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 x x x x x 0 0 x 0 0 0 0 x 0 0 ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 ? ? ? 0 x x ? ? 0 x x 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 ? 0 x ? 0 0 0 x x x x 0 0 x x x x 0 ? 0 0 ? ? 0 x 0 0 0 0 0 x x x 0 0 ? x ? ? 0 0 0 0 0 0 0 ? x 0 0 x x ? 0 0 ? ? 0 ? ? ? ? 0 x 0 x 0 0 0 x 0 0 0 0 x 0 0 0 ? 0 x 0 x ? 0 x ? ? ? x x 0 0 x 0 x ? ? 0 0 ? ? x x ? ? ? ? 0 ? x 0 x ? ? 0 x 0 x 0 x ? x ? ? ? 0 x ? ? x x x 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 ? 0 x ? 0 0 0 0 ? 0 0 x 0 0 ? 0 0 0 0 x ? ? 0 ? 0 0 0 0 0 0 x x 0 0 x 0 0 0 x x x x x ? 0 0 x ? 
x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x ? ? ? ? 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 0 x 0 0 x 0 0 x 0 0 0 0 x ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 x 0 0 0 0 x 0 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.TRG
  • Gamehack.CAA
  • Gamehack.DSE
  • Gamehack.EBB
  • Gamehack.GACH
  • Gamehack.GDDG
  • Gamehack.GDDH
  • Gamehack.GSH
  • Gamehack.GYF
  • Injector.KFSC
  • Kryptik.DTE
  • Kryptik.EFJ
  • TelegramHack.C
  • TelegramHack.G

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxc0a5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\crwpw2y.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\dll_exe_dump_boh.bin Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dragonburn-tmp\dragonburn-kernel.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dragonburn-tmp\dragonburn-kernel.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\dragonburn-tmp\dragonburn-usermode.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dragonburn-tmp\dragonburn-usermode.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l3\31\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_35caf85d5526d310901b66340c7badb368fbc33c_0007517184 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_35caf85d5526d310901b66340c7badb368fbc33c_0007517184 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㷮ྫྷ㐼ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 슼ၯ㐼ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 曐䖡ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 庫ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㵘ȁ獖} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 沋䠱O噀ñ᝹ʁ뽹ɞ傄ë鶝’駃óߙĤÉ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 沌 䠱O噀ñ᝹ʁ뽹ɞ傄ëķ鶝’駃ó䧌VߙĤ⣳ġj鈄ĞꩠŖÉ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 沍 䠱O噀ñ᝹ʁ뽹ɞ傄ëķ鶝’淃駃ó䧌VߙĤ⣳ġj鈄ĞꩠŖÉ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䓫庫ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 먌庫ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쳯庫ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䇼庫ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 庫ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ઌ搂脜ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 镉졧꛻ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 邖떈쿇ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateNamedPipeFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPrivilegeCheck
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletion
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationToken
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletion

22 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getpeername
  • getsockname
  • recv
  • send
  • setsockopt
  • socket
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
Service Control
  • OpenSCManager
  • OpenService
Network Info Queried
  • GetAdaptersInfo
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winhttp
  • WinHttpOpen

Shell Command Execution

C:\WINDOWS\system32\curl.exe curl -s -X GET https://raw.githubusercontent.com/ByteCorum/DragonBurn/data/version
(NULL) C:\Users\Hbmpscbn\AppData\Local\Temp/DragonBurn-tmp/DragonBurn-usermode.exe
C:\WINDOWS\system32\curl.exe curl -s -X GET https://api.jsonbin.io/v3/b/690e4759ae596e708f4b20b3
WriteConsole: The current dire
WriteConsole: Press any key to
WriteConsole:
runas c:\users\user\downloads\._cache_35caf85d5526d310901b66340c7badb368fbc33c_0007517184
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
