Trojan.Agent.OIC
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft's Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 5,277 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 573 |
| First Seen: | December 29, 2023 |
| Last Seen: | March 3, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Agent.OIC |
|---|---|
| Packers: | UPX! |
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 1c097f72ef8a7900ab146e88c9d8980f | 310005ca011348fd7e99637d39e69bb02e64870d | | 1.08 MB, 1078272 bytes |
| 2461bf462dcf5663d99a3b221dc10969 | 7897b7b8670a6c2bedee60b9ffe97f2840386bdf | | 452.94 KB, 452935 bytes |
| 94e85be24fb1275197befa80986a5afb | 71ecfefd0cd07066c81c81eafd57903b0c02689e | | 285.18 KB, 285184 bytes |
| 9135a62426155ade541df29878ee1209 | f80eef522a36c4e167fd8d5cc3f77a0d78b5ca13 | DFE67A34BF2D3D870014C2F519DE9C5EA43C58E9CFC4CA5823CE01C55D670BA3 | 300.94 KB, 300936 bytes |
| b8d6a9d1e6e9d82a4144d895b954c519 | 4a5eefb9dd9a37bba6796bf20db333c491061db8 | 8B315342C794682D7CA9D58DA84F0F9C7F42AFB472C255B977A0215417F7DF9F | 325.13 KB, 325128 bytes |
| 4262bd7bbbabbe2828eb4cb3620fee0c | 8612bd60d7c23b8e84a95d53fafd485e9901a0a4 | 348B3426E919C05547D079C1F19ECC813408B372C4151046AB216B5A11F3CD19 | 1.04 MB, 1038592 bytes |
| fc06d9ec56dd0b53e74c45ff287163fc | 13d679fb3591354d07c4539d33875c37ffbb222c | 5134FC046F94A74C987E6687BE3F7938EBBB4FC112F452F0423740FEA6C2BB7F | 3.65 MB, 3652897 bytes |
| 9fcd41767fb68facef67ac096719869d | 540769c22256309c443dfb542fca83e41798d9b6 | 66F175BCCC377DBE3D17CB8729AD4E769973815ED857A916E85FDC4265BD1950 | 1.04 MB, 1040224 bytes |
| 273daffaf24dbc48fde8fe5ac971166a | 6569c26b0ad27f675e946c585fa70794ae263fc8 | C50B435F5463AE28ECA6B18D57EB75645BC0156E2145F7D96FA77CA998563A9C | 697.18 KB, 697184 bytes |
| 3350056b9409b7134416f5426412316e | a861a546a3c07784c8f4c5d88907ae382689f52b | F718A9B92B200BB8DB95DF7EE85CF27FCA402A1C5D821D79AC04ECA78A15B1EF | 1.04 MB, 1040224 bytes |
| 3fbaae5a4884090b3ef2babdbfb82356 | 221874d6d895663e60d71bacb7377e5abe85612c | 9EEB6B6DE1213A8A2F96CF8CA9F4DCA8B618CC0DE8CDA6584B18FD16E0A2A4C8 | 691.28 KB, 691280 bytes |
| 9ad22dee095e5ce60c1c6a4cbb4db174 | 9cf3f7e5cd42eff4c3572e4820cb740f57892b5a | 3D92C98D9698B230DAA7144B621DD4810781187B2E5278E973CB899C1804B597 | 388.37 KB, 388368 bytes |
| 65ee023d3bcc6b859c026d7901408f3a | 5105d3df5dadf4b8733b201b0167fa0cafa0b7be | 8FFD0F86239C412F2754CED121EA0BB6B701CD68818B8A5884AC5C48B54DD806 | 454.77 KB, 454770 bytes |
| d4095c2d148a9bbd5e14f99c854bec7f | ec4ff5eeab3a4dc1323ed320c5dd8339b5b2702b | 37C0DC5D85FA967D2CBE2DE6C17F6F36C7DB3B6E073CAD622D3D18CDBCACA57D | 328.20 KB, 328200 bytes |
| a8bb9b8e5df30ffd01c10140b84a4452 | 779738926a7990849c10e4cee71c648dc56a105f | 7A2469154AA5A661D2F02F7799508BB0DF72F633042DE9A119817D591EE66D47 | 1.00 MB, 1002888 bytes |
| 4ab6321e76796d4e03a387d3497ad965 | 3506d1ae85c1256ee4974101a09383e4fd7fa906 | 332E572E95F4B5E7A5765DCC319429F9DA6DBB1B8B95D09054096AC6DED7D04E | 1.10 MB, 1099776 bytes |
| 61b67068d026c80b96398ffe18e3824c | a2bb1e487346221ef75dfa1d3407e40f1f2d7ecf | A219829CD21B16CE4F8EA45EB2816AD230B36A7CBBA4FAB48F7987AA0326797B | 1.09 MB, 1092096 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | Copyright © H.D.S. Hungary |
| Legal Trademarks | <none> |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .UPX
- 2+ executable sections
- HighEntropy
- packed
- upx
- UPX!
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 10,021 |
|---|---|
| Potentially Malicious Blocks: | 398 |
| Whitelisted Blocks: | 9,386 |
| Unknown Blocks: | 237 |
Visual Map (image not reproduced here; legend only)
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.OIC
- BadJoke.XA
- Banload.XB
- Crypt.B
- Delf.UC
- Delf.XA
- Delf.XB
- FareIt.LA
- Fareit.LC
- Injector.DFF
- Injector.DGB
- Injector.FCG
- Injector.FHBA
- Injector.FHBC
- Injector.GDSA
- Injector.KFAD
- Injector.KFF
- Injector.KFTA
- Injector.KI
- Injector.KKF
- Injector.KPA
- Injector.KS
- Injector.KZP
- Injector.XN
- Nanobot.FB
- Nockat.A
- Nussamoc.A
- Sckeylog.C
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\5088yyec.cmd | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\5088yyec.cmd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\afaapi.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\afaapi.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\code.7z | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\code.7z | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch-dnl2.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch-dnl2.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch2.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch2.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\deta.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\deta.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dat | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detjm.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detjm.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw64.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw64.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.dat | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.dat | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.hdi | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.hdi | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\en.lng | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\en.lng | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\enpro.lng | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\enpro.lng | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdd.jpg | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdd.jpg | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsaction.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsaction.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsctrl.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsctrl.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.key | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.reg | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.reg | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.sys | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsh | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsh | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsx | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsx | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsversion.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsversion.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\libeay32.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\libeay32.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\na.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\na.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\removehds7.vbs | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\removehds7.vbs | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ssleay32.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ssleay32.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\status.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\status.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusb.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusb.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusg.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusg.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusn.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusn.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusw.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusw.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storagetest.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storagetest.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storarc.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storarc.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storectrl.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storectrl.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelib.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelib.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir-2.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir-2.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\uk.lng | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\uk.lng | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ukpro.lng | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ukpro.lng | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_status.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_status.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusb.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusb.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusg.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusg.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusn.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusn.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusw.icd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusw.icd | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\winsched.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nasi boot\hdsentinel\winsched.txt | Synchronize,Write Attributes |
| c:\windows\system.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.
| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center::antivirusoverride | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center::firewalloverride | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center::uacdisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline | | RegNtPreCreateKey |
| HKLM\software\microsoft\windows\currentversion\policies\system::enablelua | | RegNtPreCreateKey |
| HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall | | RegNtPreCreateKey |
| HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions | | RegNtPreCreateKey |
| HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications | | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::1919251317 | 囏 | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::-456464662 | | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::1462786655 | | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::-912929324 | # | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::1006321993 | ¿ | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::-1369393986 | http://ilserbilgisayar.com/image.gif http://02dea25.netsolhost | RegNtPreCreateKey |
| HKCU\software\apcr\1214104697::549857331 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_0 | 奆 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_0 | ᶪ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_0 | 権ă | RegNtPreCreateKey |
| HKCU\software\apcr::u4_0 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_1 | ࣁ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_1 | 涣牥 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_1 | ᥜ獦 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_1 | 獵牥 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_2 | ヘ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_2 | 晴 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_2 | 賃 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_2 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_3 | 眸䭕 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_3 | 䰪地 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_3 | ぶ嘳 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_3 | 婟地 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_4 | 侼崟 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_4 | 튁즕 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_4 | ꟽ좖 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_4 | 췔즕 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_5 | 琣ࢾ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_5 | 占㯻 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_5 | ⭠㫸 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_5 | 䅉㯻 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_6 | ᇎ瞻 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_6 | 郋깠 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_6 | | RegNtPreCreateKey |
| HKCU\software\apcr::u4_6 | 뒾깠 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_7 | う忊 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_7 | ょ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_7 | 䈚⇅ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_7 | ⠳ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_8 | 珞蒨 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_8 | 蕾錫 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_8 | 鈨 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_8 | 鮨錫 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_9 | 穧飫 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_9 | Ⳍ֑ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_9 | 攴Ғ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_9 | ༝֑ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_10 | 䃩㓖 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_10 | 鱄矶 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_10 | 盵 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_10 | 芒矶 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_11 | ԥ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_11 | | RegNtPreCreateKey |
| HKCU\software\apcr::u3_11 | 鰮 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_11 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_12 | 꽲箾 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_12 | 痂峁 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_12 | ͕巂 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_12 | 楼峁 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_13 | ⍤ꗓ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_13 | 얆켦 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_13 | 뛘츥 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_13 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_14 | 꿳⍹ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_14 | 䩖䆌 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_14 | 㩏䂏 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_14 | 偦䆌 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_15 | 潸暪 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_15 | | RegNtPreCreateKey |
| HKCU\software\apcr::u3_15 | ꧲닲 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_15 | 쏛돱 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_16 | 辙 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_16 | ⡕♗ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_16 | 嵹❔ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_16 | 㝐♗ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_17 | 灱瑼 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_17 | 諠颼 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_17 | 샬馿 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_17 | 颼 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_18 | | RegNtPreCreateKey |
| HKCU\software\apcr::u2_18 | jଢ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_18 | 琓ਡ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_18 | Ḻଢ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_19 | ୬Ꭱ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_19 | 舨綇 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_19 | ﮆ粄 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_19 | 醯綇 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_20 | ⃧ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_20 | ᒬ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_20 | 漍 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_20 | Ԥ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_21 | 浐炪 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_21 | 摾扒 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_21 | ኰ捑 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_21 | 碙扒 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_22 | 㓇ᕈ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_22 | 풷 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_22 | 蘧햴 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_22 | 풷 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_23 | 陑 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_23 | 䙄䜝 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_23 | 㖪䘞 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_23 | 徃䜝 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_24 | 錢̱ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_24 | 릂 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_24 | 룑뢁 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_24 | 틸릂 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_25 | 쎱Ŝ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_25 | 叶⯨ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_25 | ⱄ⫫ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_25 | 䙭⯨ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_26 | 埇䳅 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_26 | Ʝ鹍 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_26 | 폋齎 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_26 | 맢鹍 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_27 | ﵣ湺 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_27 | ଓႳ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_27 | 䝾ᆰ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_27 | ⵗႳ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_28 | 믶鷲 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_28 | 苓茘 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_28 | 쫥舛 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_28 | ꃌ茘 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_29 | 왿鐩 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_29 | ན | RegNtPreCreateKey |
| HKCU\software\apcr::u3_29 | 繨 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_29 | ᑁ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_30 | 喈ꊽ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_30 | 鷚柣 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_30 | 曠 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_30 | 螶柣 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_31 | ⤕ᴖ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_31 | | RegNtPreCreateKey |
| HKCU\software\apcr::u3_31 | | RegNtPreCreateKey |
| HKCU\software\apcr::u4_31 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_32 | ᛵ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_32 | 眺䲮 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_32 | ҉䶭 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_32 | 溠䲮 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_33 | 㣍 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_33 | 뼓 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_33 | 蠼븐 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_33 | 뼓 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_34 | 相혀 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_34 | 䌄ㅹ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_34 | 㾣ぺ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_34 | 喊ㅹ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_35 | | RegNtPreCreateKey |
| HKCU\software\apcr::u2_35 | 톟ꏞ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_35 | ꋖꋝ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_35 | 죿ꏞ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_36 | | RegNtPreCreateKey |
| HKCU\software\apcr::u2_36 | ⊢ᙄ | RegNtPreCreateKey |
| HKCU\software\apcr::u3_36 | 噝ᝇ | RegNtPreCreateKey |
| HKCU\software\apcr::u4_36 | 㱴ᙄ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_37 | 뱢铜 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_37 | 듣袩 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_37 | 엀親 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_37 | 꿩袩 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_38 | 澍봴 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_38 | 㫅 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_38 | 䥷兀 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_38 | ⍞ | RegNtPreCreateKey |
| HKCU\software\apcr::u1_39 | 䜁ʒ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_39 | 誨浴 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_39 | ﳺ汷 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_39 | 雓浴 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_40 | 櫎㬴 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_40 | | RegNtPreCreateKey |
| HKCU\software\apcr::u3_40 | | RegNtPreCreateKey |
| HKCU\software\apcr::u4_40 | | RegNtPreCreateKey |
| HKCU\software\apcr::u1_41 | 㭦郆 | RegNtPreCreateKey |
| HKCU\software\apcr::u2_41 | 搧刿 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_41 | ប匼 | RegNtPreCreateKey |
| HKCU\software\apcr::u4_41 | 綽刿 | RegNtPreCreateKey |
| HKCU\software\apcr::u1_42 | ꅇ | RegNtPreCreateKey |
| HKCU\software\apcr::u2_42 | 쒤 | RegNtPreCreateKey |
| HKCU\software\apcr::u3_42 | 鬛얧 | RegNtPreCreateKey |
302 additional registry modifications are not displayed above.
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |
| Process Manipulation Evasion | |
| Process Shell Execute | |
| Syscall Use | |
61 additional items are not displayed above.
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- (NULL) na.exe
- cmd.exe /c ""C:\Users\Khlaspue\AppData\Local\Temp\5088YYEC.cmd" "C:\Users\Khlaspue\appdata\local\temp\nasi boot\hdsentinel\na.exe" "