Trojan.CobaltStrike.TQ

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.CobaltStrike.TQ
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Audio Service
  • Avast
  • Company...
  • Easy Anti-Cheat Service (EOS)
  • Google Chrome
  • Google Inc.
  • Microsoft Corporation
  • Microsoft Visual C++ v14 Redistributable (x86) - 14.50.35719
  • Microsoft® Windows® Operating System
  • Telegram Desktop
  • VideoLAN
File Description
  • Audio Service
  • Avast Installer
  • Description...
  • Easy Anti-Cheat Service (EOS)
  • File Picker
  • Google Chrome
  • Microsoft OneNote
  • Microsoft Visual C++ v14 Redistributable (x86) - 14.50.35719
  • Telegram Desktop
  • VLC media player
  • Windows Explorer
File Title
  • chrome.exe
  • chrome_exe
  • DrvAudioService.exe
  • EasyAntiCheat_EOS_Setup
  • explorer.exe
  • FilePicker
  • microstub
  • onenote.exe
  • setup
  • Title...
  • vlc
File Version
  • 197,0,7151,41
  • 137,0,7151,120
  • 70,0,3538,110
  • 16,0,13231,20262
  • 14,50,35719,0
  • 10,0,17763,1
  • 10,0,17134,765
  • 6,0,2,0
  • 3,0,3,0
  • 2,1,133,0
  • 1,3,0,0
  • 0,0,0,0
Legal Copyright
  • Copyright (C) 2014-2025
  • Copyright (c) Microsoft Corporation. All rights reserved.
  • Copyright...
  • Copyright 2017 Google Inc. All rights reserved.
  • Copyright 2025 Google LLC. All rights reserved.
  • Copyright Epic Games, Inc. All Rights Reserved.
  • Copyright © 1996-2018 VideoLAN and VLC Authors
  • Copyright © 2024 Gen Digital Inc. All rights reserved.
  • DrvAudioService LLC. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Legal Trademark
  • Trademark...
  • VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN
Product Name
  • DrvAudioService LLC
  • Epic Games, Inc.
  • Gen Digital Inc.
  • Google Chrome
  • Google LLC
  • Microsoft Corporation
  • Microsoft OneNote
  • Product...
  • Telegram FZ-LLC
  • VLC media player
  • Windows Explorer
Product Version
  • 197,0,7151,41
  • 137,0,7151,120
  • 70,0,3538,110
  • 16,0,13231,20262
  • 14,50,35719,0
  • 10,0,17763,1
  • 10,0,17134,765
  • 6,0,2,0
  • 3,0,3,0
  • 2,1,133,0
  • 1,3,0,0
  • 0,0,0,0

Digital Signatures

Signer | Root | Status
ESL FACEIT Group Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Figma, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Google LLC | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Rockstar Games, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
COGNOSPHERE PTE. LTD. | DigiCert Trusted Root G4 | Hash Mismatch
Exodus Movement, Inc. | DigiCert Trusted Root G4 | Hash Mismatch
Google LLC | DigiCert Trusted Root G4 | Hash Mismatch
Telegram FZ-LLC | GlobalSign GCC R45 EV CodeSigning CA 2020 | Hash Mismatch
EasyAntiCheat Oy | GlobalSign Root CA | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA 2010 | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch
Microsoft Windows | Microsoft Windows Production PCA 2011 | Hash Mismatch
Akeo Consulting | Sectigo Public Code Signing Root R46 | Hash Mismatch

File Traits

  • GetConsoleWindow
  • HighEntropy
  • Installer Version
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 106
Potentially Malicious Blocks: 42
Whitelisted Blocks: 64
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 x 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x x x x x x x 0 x x x x x 0 x x 0 x x 0 x x 0 x x x x x x 0 x x x x x 0 x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.DEAA
  • Agent.DEAB
  • CobaltStrike.RG
  • CobaltStrike.SR
  • CobaltStrike.SU
  • CobaltStrike.TQ
  • Coinminer.LM
  • Downloader.Agent.DTB
  • Kryptik.UGB
  • Kryptik.UGC
  • Kryptik.UGD
  • Reflo.B
  • Spyloader.M

Files Modified

File | Attributes
\device\namedpipe\dav rpc service | Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.133994748194543332.4660.defaultappdomain.powershell | Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134128177768319458.7316.defaultappdomain.powershell | Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134128177774390731.7984.defaultappdomain.powershell | Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134137455048761998.6900.defaultappdomain.powershell | Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc | Generic Read,Write Data,Write Attributes,Write extended,Append data
c | Generic Write
c:\programdata | Generic Write
c:\programdata\microsoft | Generic Write
c:\programdata\microsoft\windows | Generic Write
c:\programdata\microsoft\windows\msautoconfig.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\programdata\windowsconfig | Generic Write
c:\programdata\windowsconfig\syswncfgd.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\programdata\winmgr | Generic Write
c:\programdata\winmgr\syswinprdrvc.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\public\libraries\svchost.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\public\libraries\svchost.exe | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_0twrop2u.ptu.ps1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_1sujorhh.pog.ps1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ec4whpij.xm1.psm1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_hxi054ww.k4k.psm1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_l5wjqcpk.ybk.ps1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_poful534.4on.psm1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_xnbmjwyh.oih.ps1 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_y5payzvd.fmj.psm1 | Generic Write,Read Attributes
c:\windows\temp\2725890.ps1 | Generic Write,Read Attributes
c:\windows\temp\2731281.ps1 | Generic Write,Read Attributes
c:\windows\temp\debug_log.txt | Generic Write,Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | (binary data, 8 entries) | RegNtPreCreateKey
HKCU\ms-settings\shell\open\command:: | "C:\Users\Public\Libraries\svchost.exe" | RegNtPreCreateKey
HKCU\ms-settings\shell\open\command::delegateexecute | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | (binary data) | RegNtPreCreateKey
HKLM\system\controlset001\control\ci\policy::vulnerabledriverblocklistenable | | RegNtPreCreateKey
HKLM\system\controlset001\control\ci\policy::driverblocklistenable | | RegNtPreCreateKey
HKLM\system\controlset001\control\ci\config::vulnerabledriverblocklistenable | | RegNtPreCreateKey
HKLM\system\controlset001\control\ci\config::driverblocklistenable | | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | (binary data, 2 entries) | RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAccessCheckByTypeAndAuditAlarm
  • ntdll.dll!NtAccessCheckByTypeResultList
  • ntdll.dll!NtAcquireCrossVmMutant
  • ntdll.dll!NtAcquireProcessActivityReference
  • ntdll.dll!NtAddAtom
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAddDriverEntry
  • ntdll.dll!NtAdjustGroupsToken
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAdjustTokenClaimsAndDeviceGroups
  • ntdll.dll!NtAlertThread
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAllocateUserPhysicalPages
  • ntdll.dll!NtAllocateUserPhysicalPagesEx
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcCancelMessage
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeletePortSection
  • ntdll.dll!NtAlpcDeleteResourceReserve
  • ntdll.dll!NtAlpcDeleteSectionView
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcImpersonateClientOfPort
  • ntdll.dll!NtAlpcOpenSenderThread
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcRevokeSecurityContext
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAreMappedFilesTheSame
  • ntdll.dll!NtAssignProcessToJobObject
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCallbackReturn
  • ntdll.dll!NtCallEnclave
  • ntdll.dll!NtCancelIoFile
  • ntdll.dll!NtCancelIoFileEx
  • ntdll.dll!NtCancelTimer
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCloseObjectAuditAlarm
  • ntdll.dll!NtCommitComplete
  • ntdll.dll!NtCommitTransaction
  • ntdll.dll!NtCompactKeys
  • ntdll.dll!NtCompareObjects
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtCompareTokens
  • ntdll.dll!NtCompleteConnectPort
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtContinue
  • ntdll.dll!NtContinueEx
  • ntdll.dll!NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
  • ntdll.dll!NtCopyFileChunk
  • ntdll.dll!NtCreateCrossVmEvent
  • ntdll.dll!NtCreateCrossVmMutant
  • ntdll.dll!NtCreateDebugObject
  • ntdll.dll!NtCreateDirectoryObject
  • ntdll.dll!NtCreateDirectoryObjectEx
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateEventPair
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateIRTimer
  • ntdll.dll!NtCreateJobSet
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateKeyedEvent
  • ntdll.dll!NtCreateKeyTransacted
  • ntdll.dll!NtCreateMailslotFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePagingFile
  • ntdll.dll!NtCreatePartition
  • ntdll.dll!NtCreatePort
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateProcessEx
  • ntdll.dll!NtCreateProfile
  • ntdll.dll!NtCreateProfileEx
  • ntdll.dll!NtCreateResourceManager
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSectionEx
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateToken
  • ntdll.dll!NtCreateTokenEx
  • ntdll.dll!NtCreateTransaction
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket

315 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Process Terminate
  • TerminateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

WriteConsole: [SC] OpenService
WriteConsole: [SC] CreateServi
WriteConsole: [SC] ControlServ
WriteConsole: [SC] StartServic
(NULL) ComputerDefaults.exe
open ms-settings:defaultapps
powershell -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Windows\Temp\2731281.ps1"
powershell -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Windows\Temp\2725890.ps1"