Trojan.CobaltStrike.SVA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.CobaltStrike.SVA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Microsoft Corporation
File Description:
  • Microsoft Sync Center
  • Microsoft Windows Media Player Setup Utility
  • Microsoft® HTML Help Executable
  • Microsoft ® Windows Based Script Host
File Version:
  • 12.0.19041.1 (WinBuild.160101.0800)
  • 10.0.19041.4355 (WinBuild.160101.0800)
  • 10.0.19041.1 (WinBuild.160101.0800)
  • 5.812.10240.16384
Internal Name:
  • HH 1.41
  • mobsync.exe
  • unregmp2.exe
  • wscript.exe
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename:
  • HH.exe
  • mobsync.exe
  • unregmp2.exe
  • wscript.exe
Product Name:
  • HTML Help
  • Microsoft ® Windows Script Host
  • Microsoft® Windows® Operating System
Product Version:
  • 12.0.19041.1
  • 10.0.19041.4355
  • 10.0.19041.1
  • 5.812.10240.16384

Digital Signatures

Signer: NVIDIA Corporation
Root: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Status: Hash Mismatch

File Traits

  • 2+ executable sections
  • fptable
  • HighEntropy
  • Installer Version
  • No Version Info
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 4,187
Potentially Malicious Blocks: 1,806
Whitelisted Blocks: 1,956
Unknown Blocks: 425

Visual Map

(Block map not reproduced here; legend: 0 = Probable Safe Block, ? = Unknown Block, x = Potentially Malicious Block)

Similar Families

  • CobaltStrike.HM
  • CobaltStrike.SVA
  • Gamehack.KT
  • Kryptik.DVN
  • Kryptik.DVS
  • Quasar.BB

Windows API Usage

Syscall Use
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Anti Debug
  • IsDebuggerPresent