Trojan.ICLoader.D
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 3,381 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 54,304 |
| First Seen: | June 13, 2019 |
| Last Seen: | April 16, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.ICLoader.D |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
358 additional icons are not displayed above.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Auto It Version | 3.3.16.1 |
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | Copyright © 2008-2020 Auslogics Labs Pty Ltd |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- 2+ executable sections
- big overlay
- HighEntropy
- imgui
- No Version Info
- VirtualQueryEx
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 3,324 |
|---|---|
| Potentially Malicious Blocks: | 245 |
| Whitelisted Blocks: | 932 |
| Unknown Blocks: | 2,147 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\program files\common files\system\symsrv.dll | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Network Winsock | |
| Encryption Used | |
| Anti Debug | |
| User Data Access | |