Trojan.AveMaria.GF

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 18,039
Threat Level: 80 % (High)
Infected Computers: 74
First Seen: September 13, 2021
Last Seen: December 27, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.AveMaria.GF
Signature status: No Signature

Known Samples

MD5: 2000c2eb3c53f635e67c9fbec52aaab2
SHA1: 9569317d710c56ae2be1526b24445dc42a4a1961
SHA256: 99F630F172A432AC73802F8A513CEE5926A89E98D2B1A04DF31FF4D48DAC6518
File Size: 954.37 KB, 954368 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Vimicro Corporation
File Description: Capture Application (Sample)
File Version: 3.1.000.4
Legal Copyright: Copyright (C) 1999-2004 Vimicro Corporation
OLE Self Register: AM20
Product Version: 3.1.000.4

File Traits

  • x86

Block Information

Total Blocks: 3,349
Potentially Malicious Blocks: 36
Whitelisted Blocks: 3,078
Unknown Blocks: 235

Visual Map

[Block map image not reproduced; data truncated in the source. Legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block]

Registry Modifications

Key::Value | Data | API Name
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::logtofile RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::timing RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::trace RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::memory RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::locking RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::error RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::custom1 RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::custom2 RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::custom3 RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::custom4 RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::custom5 RegNtPreCreateKey
HKLM\software\wow6432node\debug\9569317d710c56ae2be1526b24445dc42a4a1961_0000954368::timeout RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::timing RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::trace RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::memory RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::locking RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::error RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::custom1 RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::custom2 RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::custom3 RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::custom4 RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::custom5 RegNtPreCreateKey
HKLM\software\wow6432node\debug\global::timeout RegNtPreCreateKey