Trojan.Cerbu.V
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 4,616 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 2,777 |
| First Seen: | July 11, 2024 |
| Last Seen: | March 18, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Cerbu.V |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | Elevoc Corporation |
| File Description | ElevocAPOCheck |
| File Version | 1.0.0.1 (22621) |
| Internal Name | ElevocAPOCheck.exe |
| Legal Copyright | © Elevoc Corporation. All rights reserved. |
| Original Filename | ElevocAPOCheck.exe |
| Product Name | Elevoc APO Check |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Elevoc Technology Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Elevoc Technology Co.,Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Microsoft Windows Hardware Compatibility Publisher | Microsoft Windows Third Party Component CA 2012 | Self Signed |
| Microsoft Windows Hardware Compatibility Publisher | Microsoft Windows Third Party Component CA 2012 | Self Signed |
File Traits
- big overlay
- No Version Info
- Py-installer
- x64
- zlib (In Overlay)
- zlib overlay
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 849 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 849 |
| Unknown Blocks: | 0 |
Visual Map
(block map image not reproduced here; legend: ? = Unknown Block, x = Potentially Malicious Block)
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- CobaltStrike.XAA
- Downloader.Agent.N
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\_mei103122\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\libbz2.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\libcrypto-3-x64.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\liblzma.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103122\zlib.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\libbz2.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\libcrypto-3-x64.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\liblzma.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei103242\zlib.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\libffi-7.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\python38.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10602\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\certifi\cacert.pem | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\certifi\py.typed | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\charset_normalizer\md.cp38-win_amd64.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\charset_normalizer\md__mypyc.cp38-win_amd64.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\libssl-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\python38.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11082\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11122\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
7464 additional files are not displayed above.
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
| Process Manipulation Evasion | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- c:\users\user\downloads\d084bcc7e90963ff0f902939d42ad88b2d8dda99_0009065392.exe "c:\users\user\downloads\d084bcc7e90963ff0f902939d42ad88b2d8dda99_0009065392.exe"
- c:\users\user\downloads\24311361eb808256fb4bf41d1e228d36d37c8198_0009064520.exe "c:\users\user\downloads\24311361eb808256fb4bf41d1e228d36d37c8198_0009064520.exe"
- c:\users\user\downloads\0934639f33f8d1db3f6e4e4b237647b603d76c99_0005915944 "c:\users\user\downloads\0934639f33f8d1db3f6e4e4b237647b603d76c99_0005915944"
- c:\users\user\downloads\6444ba7174167f2f892fa3c65eb20124ff9fefa1_0009162736 "c:\users\user\downloads\6444ba7174167f2f892fa3c65eb20124ff9fefa1_0009162736"
- c:\users\user\downloads\89fe62748429a6f019fcacf574d39ecfb436ea88_0008066301 "c:\users\user\downloads\89fe62748429a6f019fcacf574d39ecfb436ea88_0008066301"
- c:\users\user\downloads\0aaf2484ef2dfdcb0d5d0c691865125646e09960_0009054760 "c:\users\user\downloads\0aaf2484ef2dfdcb0d5d0c691865125646e09960_0009054760"
- c:\users\user\downloads\012ba945f534d2b77ba6cc225c2ae8953b1a5e0c_0005915939 "c:\users\user\downloads\012ba945f534d2b77ba6cc225c2ae8953b1a5e0c_0005915939"
- c:\users\user\downloads\7399e7d8987094c4c06247c583003896f0c46f2c_0007225779 "c:\users\user\downloads\7399e7d8987094c4c06247c583003896f0c46f2c_0007225779"
- c:\users\user\downloads\acdfe73d08f675e8a9b9cf362039382a7b4909f1_0006078986 "c:\users\user\downloads\acdfe73d08f675e8a9b9cf362039382a7b4909f1_0006078986"
- c:\users\user\downloads\13a2f0911a7023c328f83e3f19f39a16f9901c6b_0009055624 "c:\users\user\downloads\13a2f0911a7023c328f83e3f19f39a16f9901c6b_0009055624"
- c:\users\user\downloads\8aeee90e3e058d87516a89ab6da67d20f8706f86_0009162736 "c:\users\user\downloads\8aeee90e3e058d87516a89ab6da67d20f8706f86_0009162736"
- c:\users\user\downloads\c055b8bd52682166c52d6fd0198596be41e4e9a1_0009055704 "c:\users\user\downloads\c055b8bd52682166c52d6fd0198596be41e4e9a1_0009055704"
- c:\users\user\downloads\19873f1e881da22e85243ec44061fd0dbd2c553a_0009065360 "c:\users\user\downloads\19873f1e881da22e85243ec44061fd0dbd2c553a_0009065360"
- c:\users\user\downloads\94bc2d923f047cdce0bfb804371c00bdc49c9ba1_0007226144 "c:\users\user\downloads\94bc2d923f047cdce0bfb804371c00bdc49c9ba1_0007226144"
- c:\users\user\downloads\ad6376c1edf795f04cdd67ed7aa8b5c5b5d84933_0005915937 "c:\users\user\downloads\ad6376c1edf795f04cdd67ed7aa8b5c5b5d84933_0005915937"
- c:\users\user\downloads\998afd43cfd49f182387a8a086cb3f00053de117_0005915939 "c:\users\user\downloads\998afd43cfd49f182387a8a086cb3f00053de117_0005915939"