Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Agent.MA

Trojan.Agent.MA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,225
Threat Level: 80 % (High)
Infected Computers: 2,656
First Seen: December 27, 2016
Last Seen: April 9, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.MA
Signature status: No Signature

Known Samples

MD5: 469c6f14e5692d7d9d5bcae86ecca2af
SHA1: 2d4b990b99acaf149bcfb3bc56da7df97da9accb
File Size: 7.14 MB, 7140352 bytes
MD5: 9c818f4a0343c843b7c8da6021fb4b76
SHA1: f04ebb4f8591c415dcaae1a52ea1668ef623e1fe
File Size: 7.19 MB, 7186432 bytes
MD5: 38310afebb721e23841150f925c9f75d
SHA1: c51c4dfc19d748e1a3b224b28d49eabda8e90c79
File Size: 7.11 MB, 7112704 bytes
MD5: 1d874db74804af316f5a59161d1d1207
SHA1: 1505b9d6284d3d65d8ab712d394e5fb33ae5889c
File Size: 7.14 MB, 7138816 bytes
MD5: 76afe606f09648f27c27eac8c827da39
SHA1: e72c1865663c0d73c6805d6848d256822695ac71
File Size: 7.14 MB, 7138816 bytes
Show More
MD5: cc7334675c267aa78aada9a849e1fb34
SHA1: 2d296f4cd3937f72f16b991cb3261312fd95473a
File Size: 7.14 MB, 7138816 bytes
MD5: 29b53dca005188b8021b9b36abfd0c61
SHA1: f96ba400ac3fb5f9b09a4b6fac92ced3bb842ace
SHA256: 7BFE7C8692D4F1A07C5CF3897AAE49F2D577ADFEA9D9068C549F70C01C8B80C0
File Size: 7.17 MB, 7170560 bytes
MD5: 2500d77a605dc4f500bf74c3e8ef4fff
SHA1: 1e5e3f1e9597de3b47873faed62539def9c79734
SHA256: E93EF6DD43FF4A214C9CB831B474CB66DA96AB141AA1823EDFB5F050666900BF
File Size: 7.22 MB, 7218176 bytes
MD5: 92a98caef0af669e1f1f65461129150d
SHA1: 40f60e596c3debe966d5aa57dd8dcee672f25e57
SHA256: 5C2593FC14CF2907DF9DCC6EFD153B091F86F43BC1259D38561D97377DC1BC2E
File Size: 7.21 MB, 7207936 bytes
MD5: dfa8ea44ba76c8115c27aff466926e9b
SHA1: d3a16a368260628d08e386d8cc0e7d5d3c2a8f36
SHA256: 86086F9DA3E674C3952FC1726FFF65FB62CCDB2F7EBDD55690C7100DE4B8BBE7
File Size: 7.09 MB, 7091200 bytes
MD5: a6b1c8a9c9400ec61e2c58adcf874776
SHA1: 62043da4f01dc4412ea23792b5d9849bd6596fa9
SHA256: 46EEC849BC3A9BCEF7F543D14C5EF69A7DD1A5D42D5052E0D0B1EE70CBC58B35
File Size: 7.09 MB, 7091200 bytes
MD5: 1ecd5ad58e3cd6a88611bccf03555f95
SHA1: a093097d7141060b2a6a50426e65d8dc447ade8e
SHA256: 9FADE33AD626FC4BDEB9931EC51ED3A50B8682E96CD855A6FDDC327E2B3AFB48
File Size: 7.17 MB, 7170560 bytes
MD5: 9ba2231ef9847291ffb6c739c3d0a948
SHA1: 3eeab1948ce5c8c7c7010c98df1db5e20f7954b4
SHA256: 2B4986C2129A61DD806C825B4B97058E61DE9F657840CC48C2F3826F4EE34120
File Size: 7.42 MB, 7424000 bytes
MD5: a60ac6738b1658138ba6a9be9d99cc15
SHA1: 6e2ea4cb24cedc2a9e5e0173929a1dbdbcc4d9c6
SHA256: 8C2D4D98008AA8DC84519E1E46452D3E9FD383C593BFC74024528AE419D82044
File Size: 7.18 MB, 7176192 bytes
MD5: 336885c98465e648009987df07aa9d93
SHA1: 65913bf0bfdfa7cbfa21e6b7f8cfb530f86f52cc
SHA256: 86944A4CB8C72E847766B52DF9EB1F683B866450DC3692959C09EF6DC333F1F0
File Size: 7.15 MB, 7154688 bytes
MD5: 115104e61981fc61dcdb20f667418526
SHA1: 27330feee6423db4623f6fb87e02750003945060
SHA256: 367A6AAB325AB80CCD5D11142EE6C5E9F39C978B0967DC71313C8A9DFA5B46DD
File Size: 7.30 MB, 7297024 bytes
MD5: bf20806676ed5865e104f798de1e672a
SHA1: 54f0f6491953ee348cbc0258ba837eb64fae010c
SHA256: 8F9A7805B726EAD41B8BFDCE0E6F3D48D2CBF712F6DE06684799DACDF3D10501
File Size: 7.14 MB, 7138816 bytes
MD5: c684c2a8e8a8ad5b52581f2261719f8f
SHA1: 7e6cb0c70eca20b16fc5f978528ec02dcec7efe3
SHA256: D661A8BFD1386983C3018406120BE64EEB2F6EDF963FB17B460F5EB21F07372A
File Size: 7.20 MB, 7203328 bytes
MD5: 13a6765ba2239fe883c992af968fc8b4
SHA1: 0b4701b42f4866d9f117c9813d8f06593b744d93
SHA256: 58F45A7921CCF1839955D02379D2087DA3075C048C199816817EF68AD2D0E198
File Size: 7.27 MB, 7265280 bytes
MD5: 365a1daa97f49cfa84e7ec60e93d7b93
SHA1: 759fe1d81de91a3f1a57320a73a94b6223be1f80
SHA256: 722D30C538AE61D7970F153F09649B862997B45A81310ED14165B3BECD3D2993
File Size: 7.09 MB, 7091200 bytes
MD5: dc2844e11b854a0ff0f0670d558cdf9a
SHA1: 9c3b13424e6eeb5e2d3bc442d5a2d513a55350ee
SHA256: A91466F9A4894C28EFF8D0186CFB682192882C558A6D05C0738741BD15B7BFA6
File Size: 7.15 MB, 7154688 bytes
MD5: 90e1814ccac4570d8eae6606a97d8b64
SHA1: 98763641e9eb2da1e46d477b04fe6c4c2296ba07
SHA256: 7BF37864CB7A42FE4C895078633D1A23ED9CB057A34D6A260470AB36190A03FF
File Size: 7.09 MB, 7091200 bytes
MD5: 0a3cf4e366ebf21092d7d4388e506114
SHA1: 20115e456a3882eb637406cc8cd849ff03919b87
SHA256: E798428840ADE6B9DC78EED712E365025BD1F752703DC4C9D52D3BF9505F2C95
File Size: 7.14 MB, 7139328 bytes
MD5: c23fe8449e247d644b9cfef07b9b7145
SHA1: 42b44e3d28b881b77e7f690ae5b91a62c065a116
SHA256: 36E78F97E76DB0489F26ED25333A2F2A158A1F2DEF528734F527BAFDB172C504
File Size: 7.12 MB, 7122944 bytes
MD5: f67d3aeab4aba4ab0e9c930ca2db368b
SHA1: c78fee73318ff25b278376624e3591acb35a7dbb
SHA256: B41C560F2C3F710FA5241E9CFBDEBCE20766F30AE7F988CD5BC07BE26646B1A9
File Size: 7.15 MB, 7154688 bytes
MD5: 54d6615f88fcc9302a0c8930b5f6ec63
SHA1: b1a7e95527285276dc52d9deebcf99c46b0cd550
SHA256: ED2D7F3B361433EE4E1C043C4E5FF9B9DDAB9A0E2741AA953ACFCDC90AF89821
File Size: 7.22 MB, 7218176 bytes
MD5: 62bbf59c58f747aeee692a390323a01e
SHA1: 5139c44e080da2ce06cff502b0417ea2c1f90279
SHA256: A05116B5E127B790971EE235838636CAB45477324D14557638D433F6E62E8B4D
File Size: 7.19 MB, 7186432 bytes
MD5: 48f9f8e369bbbadc0842b6be6a797f08
SHA1: 6c0a7057cc46f780609e96db846e6e771dfb1a65
SHA256: F283D57E8E694A5FE55C288F9560D6BE657920CD56C2F5CB7F5A23F8B91C03EA
File Size: 1.79 MB, 1785876 bytes
MD5: 5a0028a894f1e9cc4b0718014581b151
SHA1: c217c44d8ecb41332a6b47550da49c88166975e3
SHA256: 46AF06C42A1D2A548716EE52A705A716B3E3FE9851CED4AC2DB69D71D8CC6102
File Size: 7.15 MB, 7154688 bytes
MD5: 6123704e2956a0d5ba090e64fd26b93b
SHA1: a72428561e4a2a86524ae29341c1497a273be5a1
SHA256: F33E23848BA11577F237CE40315A2F933070C5FF33C4DA3D02EB16F0CE1CDD86
File Size: 7.19 MB, 7186432 bytes
MD5: b6a73534803ac8242a15be872d5e9306
SHA1: 45babcee1c32bb85acfe8c12f9dfa30529c87abf
SHA256: 83480D0DDBB053A9723B3F502EFBF082046A692F907747BFB54C9ECC1CC527DF
File Size: 7.11 MB, 7109632 bytes
MD5: 67342905b5723688b9a96f76ac97485d
SHA1: 201a72958e039ef173b386b43f37daf8734ed592
SHA256: 6416D22F573D23EF4C7200FC103E8F4A07725C38A02DEFE1EB03C74FAD0A1575
File Size: 7.15 MB, 7154688 bytes
MD5: 695552942cd21ce669eda37da7b5fe75
SHA1: b49ec6949d81b39feafd474b2969a50e3386c956
SHA256: 95B1D4C6312E2A0D768410006F3D5392E8FB6C16F9FF34C86A5F447DA4283956
File Size: 7.25 MB, 7249920 bytes
MD5: cca11bd11b6299511e7b4d065e535a84
SHA1: f0fd01e552bd0f69a943eee65f9ce94043185451
SHA256: EF24D0218F1A43A9E2CB8334F94066CBD45CFFCD26BE1964E57A02DB8863A920
File Size: 7.11 MB, 7107072 bytes
MD5: 86104b2a6cf69b00c1cd5599346b9736
SHA1: beb578ec803c1a39c7518842ebb2fe45b395a346
SHA256: 429730146F7B42B8DAF87687DA07C1C4CCC5C7AC7DBAAD62EC3D461AB0C4AD61
File Size: 7.27 MB, 7265280 bytes
MD5: 1e406b283fb6330bbd3e471e9084ebfb
SHA1: 188a628de145f0cd8623660a49b259ee692df65e
SHA256: 9E359A2232700AED468E45CEF16542CA8E997F829E01E1D3084FC170CC3D1ED2
File Size: 7.12 MB, 7122944 bytes
MD5: e0e3fad9f0bfe095e651f409cdc0c5b8
SHA1: 7cc22160841b75bbf9e8e0b577cc81c4e77468ac
SHA256: 8B1FBBC8CAE346261F755463FEF080424E8CBBCA2E2F1EE4353E467FA668304E
File Size: 7.09 MB, 7091200 bytes
MD5: 46b6f4b444afefb8680144055d22e86a
SHA1: 563ef267ead4125b18eba0aebab34188ea55ed98
SHA256: 936861B331C3FFFAD8604C29C0DD6BCC26170181270648FF1062C8629B5E674E
File Size: 7.09 MB, 7091200 bytes
MD5: 1c76cd964d6cf323ae5b826d10f20a78
SHA1: 7ab215bfd9433b7c468b50b6532ff16a14d420c7
SHA256: F658D7F93AE960C9E439D945618542DA0B2FA4C3CAFDA8D0297B0082B00C91BF
File Size: 7.13 MB, 7129088 bytes
MD5: d4ce7e147c16701010b202bc751ef1f0
SHA1: fbfe2daa1074e0b28329ff66abaf8385e5d33ec6
SHA256: 6D80C218E8132B97B9654FF671D3DBCB96DF835B3035B9C3DD0D26F9E25066EB
File Size: 7.11 MB, 7107072 bytes
MD5: 2d3debc588e714d29b3504a51933e13d
SHA1: 104e7bfdaffcf90191b9fa329029caa444c07e5b
SHA256: 2944D10FDC66DDAC54F7EBD44BAD94217755D7F039FA524DAF17EDC30A94EFCE
File Size: 7.17 MB, 7170560 bytes
MD5: b9335255ac56af8e256d7cd5e36fc0e9
SHA1: 8b94ff0d0cb79dff118532bc57629459d38d0c0c
SHA256: 712D5A352153C87695283712599BA99FC1A05A0D956433F0EBAF8698F4E8EC9B
File Size: 7.15 MB, 7154688 bytes
MD5: bf37c94c9caf1175ba298fb3ffebe8e1
SHA1: a9c59e6b2fc1cf9e54fee10d215fe62080b80b79
SHA256: 5B0BBC267E7B2062D265413206ECD426B9127444D907C9547E14B90F62A8C935
File Size: 7.17 MB, 7170560 bytes
MD5: 51f83c0be170ee63cba3ea40c6f8b150
SHA1: 44f8658b03a5fde042b80ca09ac74d466fd79fd3
SHA256: 9125E0B09B22570F2D7F167DC2845405A1BCC893D610AE7D2C3D3E29E892F2FD
File Size: 7.20 MB, 7202304 bytes
MD5: da000dbf881a412a8f9b5b4de259f4a7
SHA1: a6330375f50981887c4c3baf3861ecd2eac9e25e
SHA256: EF340CFBFB271786B0DD77F779D84D3ED3A77D5D7CAED49686E8E9096C1196FC
File Size: 7.09 MB, 7091200 bytes
MD5: 335cd418451cffd779902ac2c99e322e
SHA1: 681d57269eb695630b602c65c7b4101da46664c1
SHA256: 554DEE82E9121FC060B5C0DD26B3577DBC92D9FB5AA9AE7CD51BCD5BD39BAEE6
File Size: 7.12 MB, 7122944 bytes
MD5: d01197e3ef5013abb4a484dd3a7c3677
SHA1: ea98628cc0f85b7704d9ad3e6e8c0d542f0032ca
SHA256: 9CF8766347D19E0E68CA08C1170B403B5326FC1EF6FF2AE020C57960A535F2F9
File Size: 7.17 MB, 7171072 bytes
MD5: 11b852b659a8e985361b79b364507bbc
SHA1: fa86ece902f868c57d59d89d7c269bd16a28b21f
SHA256: 276A1268FA88DF7D3E074D0C952E8B92C3D95F707BB14FFC861CE764ED248882
File Size: 7.14 MB, 7138816 bytes
MD5: 340125ec686895275ce986b1a334a41b
SHA1: b692572637386827ccc983dee8b6a5956c8b2663
SHA256: CF9D168A2382CE16BF2D2627F7ABD5A2D5CA2F92DA76F2C41A3CBA73281E437C
File Size: 7.12 MB, 7122944 bytes
MD5: 02fdffd109fef3ded98cabc473a64a13
SHA1: cb4560e04f8b52a96243775b3ffe41848defb5fd
SHA256: CE729AC0B3D1B49FBCE96240CCC955A486E38F94692424C9A9C9D25135BEEAB3
File Size: 7.15 MB, 7154688 bytes
MD5: fd1ad75a3433a135531ad6e7e49cd737
SHA1: 8894c53f7e5f345b191edac50291c86ea26615c3
SHA256: 2400D689D2ABD835C8A51A4538117BFD7F1C0A35F8CF34BCEA8AB361A0972BB2
File Size: 7.12 MB, 7122944 bytes
MD5: c8f7047d093b10b8498cbd7eb62d110e
SHA1: d259938574803e7209b6c61568c3964d5fa87050
SHA256: E111E65CD73B9F6B71F464465982C24E7A31B3C50B7B8E29EDB88443D1EAEB59
File Size: 7.17 MB, 7171584 bytes
MD5: 58c7a88f9ecb1f0ae729d1965a3a7017
SHA1: 3149b80d5885d788e42302df525ca04506bdd29a
SHA256: E8802C037F6429D24FE2A87BC7A80A67DE9664AD7E8BCA981E241E7506FA0B3F
File Size: 7.14 MB, 7139328 bytes
MD5: 856524713eb781f359bc2159b9c7f7fe
SHA1: d9fef36eb3a61a5f65ab2f58442d01fe09e44701
SHA256: C93E3CFF1DB4430E1D83A7BF3C1B982098081DAE2144CED915F0548C3B1AC66E
File Size: 7.22 MB, 7218176 bytes
MD5: 7adaa0ade7cdef1e0063124d6be6ec44
SHA1: dccb6b79a1ea907d5831d8bb5e06f6f151fe3e53
SHA256: D45A8C744B362DD1D0E741E629140D3B1FBB6B72B2C32122F0AB14761DD607F3
File Size: 7.19 MB, 7186432 bytes
MD5: b16e529b8fd100e6826ff9917358cf30
SHA1: 1433fec7447028b0d26a15d53a67c974fc5cdabe
SHA256: 9A042194919A1BA685094B1526D7D660A1F7B1B87D476D2A365F475F02FF6AA8
File Size: 7.17 MB, 7170560 bytes
MD5: f677c8cde94a7949ceccdcca5ac0cb62
SHA1: c87960d2641279c1783fd514ffc98318e02282b7
SHA256: 9526C57958E9F1032BAF7F0208B0FE638D78CF3E89F28C4B3F27E2F67EB00020
File Size: 7.14 MB, 7141376 bytes
MD5: 3b9f7e54802c4358a56b323663df02db
SHA1: 86649ef8d2c8dfa1d2b877493b9c8208f150d5d6
SHA256: 2CF18238E06E10AADA671F40FB0CFD7015CFB484E7336996447B60D215AC76CF
File Size: 7.35 MB, 7348736 bytes
MD5: f2575a10bbdf7d60fa36fad54f5283d6
SHA1: 9082c7bfd34f2f092ef17233018c56f5863d815f
SHA256: FB9BFAE4DA8C1D2DEF6A0585116C05B339C700E0FD350379AC42AD78B0FE210C
File Size: 7.14 MB, 7138816 bytes
MD5: 3267cccc86f3ddd57874fb5155a27ac2
SHA1: c1ebd09f5b80c21ad392193bdce32f32f0ac40cf
SHA256: BD92B913BDF7D1602257EF091984D1B9638DC1CE0665031FD8D4043B4035FD55
File Size: 7.17 MB, 7170560 bytes
MD5: e8677e6f3ef4175c15c466ba69211ea7
SHA1: bf9003cc6dfe68288a6e70696c522ede809a0cdb
SHA256: BA846E28929C1F56E3D97AB46C86ADEFAE1DA388BD368089840078A6FC17E825
File Size: 7.15 MB, 7154688 bytes
MD5: daea7201e8db5be821b3df9070df175d
SHA1: bd44edfb560e9eb129281733aab5c0d24f03db1d
SHA256: 87A077807F06EA4A068154D3308CCCA7FDB694DB1BEE5C4FCE8A569CC1916502
File Size: 1.57 MB, 1573888 bytes
MD5: 910a588c6c44a6a31e5ec0b02a0d0d1f
SHA1: f622330ccb4deaca805fee2ce08e41e1f39edbdc
SHA256: 725D929F03EC73BF3866E1BAB81CB32634B139EA54C8378B2570050103C8E357
File Size: 7.09 MB, 7091200 bytes
MD5: 844021f18068b88a3eb1c4d7e086d436
SHA1: 1405862ec460a7f4e036625ae5329d3ca7577998
SHA256: DD67380CA8141825B2421A1D1FE7CD02A7AB7F3CB44D3F35C6B23E45190F5146
File Size: 7.27 MB, 7265280 bytes
MD5: ecc9068339e62570c1cd60f11e0f159c
SHA1: c5de796246641ec860254712d6220b7e98524844
SHA256: C3531B6B264EE6BEC8F1E1EDB1F295DBF3098145A6242F2DAE9FD7F57F3E7825
File Size: 7.14 MB, 7138816 bytes
MD5: af11b22f39d0d1a5226167bb96a26aa7
SHA1: 8dc85394afd3235a7225e021310c884851be1151
SHA256: 896DFF7A15C39260BA995DCF0CF421C1A0C3214F59BDC81216A952889E1EFD9C
File Size: 7.17 MB, 7170560 bytes
MD5: 76bbee680f2e55f7335a9f9fb796db6f
SHA1: 6dace66e92cc4c5a1ccfb2c684c5a6537b53a1a5
SHA256: 3815A494B0D2D229C80E35902D60FB224D30FBEBF292AA5D4CFF02CAD617F675
File Size: 7.14 MB, 7140352 bytes
MD5: 29cc8df603d54382d980aa1a24eb9104
SHA1: 41a9c6d3cdb87d43ea6a54a3d7baae13764d80e8
SHA256: 04F06BAC86C16D6D72379C1DBA5A862C6A83D051C6734CC3D7272A3BB62E6D4A
File Size: 7.27 MB, 7265280 bytes
MD5: e6b39d79376c9503502ba23fdb7bb66e
SHA1: e6cd37cb14886fee65fead15b50a0e643a21a36a
SHA256: 16246E5343B2FC777AB0EDDCD69197018F49B853693C560ABD1025B2D58E27EE
File Size: 7.24 MB, 7239680 bytes
MD5: 3c1890ac77860b30b4051b12b75cb225
SHA1: 061ee7d26e08a40ff1165fa0cc95fe97647643b2
SHA256: B286CBA8B94CE6D973EECF748B107D733465EAF338FEC5F919FD0A8EFC59EB32
File Size: 7.08 MB, 7075328 bytes
MD5: c0bfb4e5f3211111c48aa9c5de1bda04
SHA1: ab737989fe8ad09aa6ef7e7739e08756c07938c3
SHA256: 26A1CE2F646918D11DCC0175B53422E1A4B810607F6AEC6CCF5D05AC081CBF1A
File Size: 7.22 MB, 7219200 bytes
MD5: 02ae20b805646a84ed7cec763d9be2e5
SHA1: 88f51a16197760f5a10e25a38adf69200084fb8e
SHA256: 8A0F3AC713381A861D3C97E578AD481D1FE41683F3B832670534AC2CECE38A23
File Size: 7.28 MB, 7281664 bytes
MD5: 2db21f89a8534dd3b546439cfdacb2ae
SHA1: e49b24772240f5d876bf9995e8e41f38013466fb
SHA256: 351E63A76A1A54BAB631653A892744EB79DC3E8D17F93880544569917D7C38C0
File Size: 7.19 MB, 7186432 bytes
MD5: ba01f4ec553c009966c627aabb50c6dd
SHA1: 3b0ba14c6740d90e223f805b83de1dbd07b652df
SHA256: F1B264FFFDEE61ABB182806374F359015747E763CAF4C87548F98BAB19DA675F
File Size: 7.18 MB, 7176192 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Comments Controlador de Protocolo de Rede.
Company Name
  • Microsoft
File Description Controlador de Protocolo de Rede
File Version
  • 1.9.0.0
  • 1.00
Internal Name Win
Original Filename
  • Control Network
  • Win.exe
Product Name
  • Win
  • winPrsv
Product Version
  • 1.9.290
  • 1.00

File Traits

  • 2+ executable sections
  • CryptUnprotectData
  • No CryptProtectData
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 15,524
Potentially Malicious Blocks: 281
Whitelisted Blocks: 15,154
Unknown Blocks: 89

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Netfilter.A

Files Modified

File Attributes
c:\users\user\appdata\local\microsoft windows Synchronize,Write Attributes
c:\users\user\appdata\local\microsoft windows\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\default.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\microsoft windows\libeay32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\sqlite3.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\ssleay32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\taskwin.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft windows\winprsv.exe Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::enableballoontips RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::kernel system "C:\Users\user\AppData\Local\Microsoft Windows\taskWin.exe" RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::enableballoontips RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::control network "C:\Users\user\AppData\Local\Microsoft Windows\winPrsv.exe" RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 壈 Ǭ䠱O噀ñ቎ĤŁ傄ë릣ʝ閾ʴ淃⟋ʪ柏ũߙĤᰂŁ鈄Ğ鍂€ꩠŖ忶Ǥ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 壉 Ǭ䠱O噀ñ቎ĤŁ傄ë릣ʝ閾ʴ淃⟋ʪ柏ũߙĤᰂŁ鈄Ğ鍂€ꩠŖÉ忶Ǥ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::control network "c:\users\user\downloads\bd44edfb560e9eb129281733aab5c0d24f03db1d_0001573888" RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetAsyncKeyState

Shell Command Execution

open c:\users\user\downloads\default.exe

Related Posts

Trending

Most Viewed

Loading...