Trojan.Kryptik.HGAA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 486
Threat Level: 80 % (High)
Infected Computers: 2,363
First Seen: July 24, 2024
Last Seen: April 19, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.HGAA
Signature status: No Signature

Known Samples

MD5: 6929f99b2e73ba036b49281116e53f67
SHA1: 17ca8951f056375ddbec7640dc97cddfbb44028f
SHA256: 86CAAD5212B0C98D7BD9BF4E4AADD0B69EFAD1008B993A81B947F1989AED0B70
File Size: 79.36 KB, 79360 bytes
MD5: 3d066c20fe6e60b8594b9e59e719c59e
SHA1: a45faa24460ed3bf9feaa20e4270520c60bd0a6b
SHA256: A67F090D61A465981D90CE1D53E57E757D02A58593C70DFFF34F211474AEA808
File Size: 10.75 KB, 10752 bytes
MD5: d2c9adb526fe58900d42e425e76b1ae8
SHA1: 4ff9d9cd5c4fc35fe411061ba3289a705db2ae31
SHA256: 38300F25A467B98FAE88DA7B93EA7183E5A96BF7EE313EC5007DEE72AE28092F
File Size: 72.28 KB, 72280 bytes
MD5: 4c9626223d36e55f5ec7defdde5f5559
SHA1: b67ff91aa9ddb6bb72d3da977a88c2ae6acb2ea6
SHA256: F5F60D233007D7CA9DB5DEA29742E176DE1510FCF953AE1A1EC96F3C90895582
File Size: 8.85 MB, 8852755 bytes
MD5: 59abe0b44b208e578311bd503dffade8
SHA1: 0854accd15a2124c4eab8895ef8834eb6f914425
SHA256: 9E261094A6B5C8E44B45665DAE06C89A7DF90FD12B10BC5F464A6BAC8FCD7958
File Size: 9.22 KB, 9216 bytes
MD5: 5a73cd789321ef199d4cf53d21ad21bb
SHA1: 8281434e0af2d47a31d8ad09754f2ac86c756b5b
SHA256: 5F3D745DB74EACBD1DD3C18F3F96794DC5E566C992294C0F29799E16178CAE81
File Size: 32.45 KB, 32448 bytes
MD5: 67091acb3b6193e7ccc77a405273bc1e
SHA1: 5216323a2405d06ee0f12c8a33d88ed7e7c149a0
SHA256: 48BD2800A40AECE92452191336BB64D5400B1B1DCA7D2AE82D404AF8A1B636C5
File Size: 33.28 KB, 33280 bytes
MD5: efb2d6ec4be92e71ca2427d962463aca
SHA1: 0692fd84e77efe37c0407b6a56923c1cb6afd166
SHA256: 7B4F8E1F1B10876B82AEB48F44D8A498546952A74B7E5D08F90FCE5E19BE38D9
File Size: 15.87 KB, 15872 bytes
MD5: a8c219de419a8f1b57e95b391576ce81
SHA1: 61e18c6aa4a0152da3bc65cf3adecd2b61745087
SHA256: 201D3D61DC5E1FA0DC884C91C0C9C58E25B869EBFC75B88F9DCFB2F013EAE1A2
File Size: 4.23 MB, 4231083 bytes
MD5: 61e18b9073418b4055061db295ba3a0f
SHA1: 0cf8dda3dd05551f9bbdeaf74d5da065bcd7700b
SHA256: 1BC19E9E848A0B964474FABFE8B12BDE8B4D29554FB26F6DDA86C1C94F82FDB7
File Size: 8.04 MB, 8036353 bytes
MD5: e0a84e2e4b8fdafc20194bdb1dcb8a6a
SHA1: 0fa0eba2a88f21f988458908902085b10c986f68
SHA256: 6E224EC4E294EDC581EE653A748AFC40C836FF9224C91D3FCCC90AC597B16F86
File Size: 11.78 KB, 11776 bytes
MD5: f5f577da8cdf6b4824bc1fe23329d235
SHA1: e2c85b8050602fc59cb60f28539699688004f455
SHA256: C9AE1AB3B9624DB21C1CEDD05C4605EB5E76F52E40F6BFA1F2E2D2CDB1B857E3
File Size: 519.02 KB, 519016 bytes
MD5: ecf3521162620802f82b24345d4dac36
SHA1: bb6b042d90db459f9e5247c8f10d78fb7bb9655c
SHA256: CBD37CA1D3FD112F1582F36EF6DD0F5760727AD1A3E6A9EAE3E8F560B938AB6C
File Size: 5.62 MB, 5620097 bytes
MD5: 4a0bc97fd440886d4648d876d8c66261
SHA1: 91b496034af047ca3e450582d7c068b169b40943
SHA256: 914936CF7F9A9191BDBD606B2E2B64901EF392AD6AC42BCBACFA0503BC48D5F0
File Size: 93.18 KB, 93184 bytes
MD5: c7d1cdb9ff0338dd5deb435d97afef41
SHA1: 9e3bae4e52a86ec06d0631343b77fd83336d5848
SHA256: CD91903B55D772177163F2E38507021CE47C654D0308A3C1871717513E64589F
File Size: 22.36 KB, 22360 bytes
MD5: 8ec526717656c2827d86b56badfbdf79
SHA1: 7b8e14d46999f44811e5d1dedffcbd7fd359e9de
SHA256: 445277240E2D9AD40E2A5EEE9F486EFF2D4E05CF713E67CBC6EA10CEBCBD4805
File Size: 11.26 KB, 11264 bytes
MD5: 7f2b5653606e7618d76cd0ac23fd6a9d
SHA1: 829983f0fa276a694dd11c3bd6467323255879b5
SHA256: 2BF8659CF016A89D2CDBE42B8497CC13247FBDECC6207D4D38E1F34F078554CF
File Size: 33.28 KB, 33280 bytes
MD5: 5b6dc17e914c1fe3164435f7edc53f62
SHA1: fb58d50a0807893d5271c93731dc8901732b38f3
SHA256: AFB924FF41DF707A964AEACB383324576C654BC9DC5193D248B411F1275C752D
File Size: 2.24 MB, 2240204 bytes
MD5: 346ffc7bb4dda718573247b133af1dff
SHA1: 228ce915acb3a7690aa6b2a812e3dc209323985f
SHA256: 9C5D370B8E4419FF07D9C172431859BA1AC0C446881ADC4B09669EB9BCEB11B9
File Size: 33.28 KB, 33280 bytes
MD5: 9aeac4c3280605e9008c0a3642c22292
SHA1: ace879dcdf77054ff3babb399b5ade1da4c443dc
SHA256: 9FC26E4431F4887949E6C5F99135EEE31212A59814E6653260449460DC9A8A63
File Size: 15.13 KB, 15128 bytes
MD5: 071dd05351151ecb39f5655e8fee7d6e
SHA1: ae5d4c5b54ada42547ff2ba4009dc0aabcb36d62
SHA256: 242760121F67D5467197BBBB96D52038010F00DDA9D0FE1F79ACD786ED6F7935
File Size: 15.13 KB, 15128 bytes
MD5: a6475b34c424f18c83616e09e6c9fb45
SHA1: 8fa7bd9d46953096ed2fe9126a2fe9b9f53722e3
SHA256: 15F4FA5E8A112472125041E1DB143A155AD57A64B0CF5AD5C0755C782A427569
File Size: 14.34 KB, 14336 bytes
MD5: fec4f533603e0e7b9d1e445c1834211d
SHA1: f1d11c9aa40e9c5e6d328209fc173477f02ac190
SHA256: 0B68B641EA1FCE1F652F55F3C5015C4672CAA6813D0CD80C4A1FAD771CC775BF
File Size: 79.19 KB, 79192 bytes
MD5: c62c6b070bd164acddfc0f56e581d33b
SHA1: 8aa429bcd7f0b8ee2c8f060292f72631a46f0a54
SHA256: 5CC0D1C8F8062F7CD0C1992B3C404D6B3221238E936A5DFDB3A51B7FE7DA5EA6
File Size: 12.90 KB, 12896 bytes
MD5: fefad08cd9fe4a005b3eb0462ffd970a
SHA1: 0f50fb4ef69002dc0ebeed3b407cb4240e7d40ed
SHA256: 7D3F51B7A13432B4A1F5FC55FC9E5F35A5DB66DAE5660A41490AD235969788B1
File Size: 33.28 KB, 33280 bytes
MD5: 557ff8cea9520ca41751118621421449
SHA1: b6cab2c998257e8302a6a831b08469fc310f41e8
SHA256: 194AB2E895DF38BA14951DAED9F71E75F53AB3202F3F67A7A76696C2A44BBEFF
File Size: 33.28 KB, 33280 bytes
MD5: 201de9e0ab01c05f10ae931814ffbb8f
SHA1: 6b3425603311cd0be82fd79091e4149a21209aba
SHA256: 86471B6D37BFF36A976FF8FD3FD6A35480DDCCCF4C6DACBDD6015AC0A747B211
File Size: 12.29 KB, 12288 bytes
MD5: 9da70c4256e0353f5640de3a36da61af
SHA1: 4d4d0a963f7e252317c81c37bf4f8faedd577e8e
SHA256: C4FA158CA75C5F1C494EBF28FD74CF4C34E4DABE64F90B088F7EA1FFBCA653F1
File Size: 64.00 KB, 64000 bytes
MD5: afafb64d81cd2f4b62865f51b7d9ce99
SHA1: aed35c3aff83417536cef12fcf68d7d23ae010bc
SHA256: 1976B436D24C57A0E9B5ADA2CD0EF81C632B0DEC5071BE989E1D3F487B5D18EF
File Size: 9.91 MB, 9913461 bytes
MD5: 65e1b21cc913081f9504826c66e836e2
SHA1: 97d4caec2f94dd8ded250ad53af84cef571bfb0a
SHA256: A1DF0FBD41F6C22E4BCE786DDE7B98CC3F958C2BBCDF9418DAA51B2CCD3B5070
File Size: 7.19 MB, 7189078 bytes
MD5: 1c09e6906b7f0187f3f4f0141cebb43c
SHA1: b3b71bab3b9dbdcfbc1303bd26e56b8349e97fc1
SHA256: FFC75BA2E18C878CB8A0CBBB39DBC9A804CEB26509118C4E0FB096982CA2CE6A
File Size: 33.28 KB, 33280 bytes
MD5: 2851671ff29110e58fc2e45a865122bd
SHA1: 0adebea97583aefac0f9452a91f5781d3936d919
SHA256: 1E68C5267AA03C52530ED6B93907F56D6A2F5EE227ACDD68053CC107078C2ED7
File Size: 12.29 KB, 12288 bytes
MD5: d130f5749f1ed7f2769f20a3275a4961
SHA1: 68d819646cb5a6cec768eb315771bcb30ccf3751
SHA256: 3BE0E82FE252624C2F63E6F9C81CF4825F64175A1C521170C89C47E12DEDDAF0
File Size: 33.28 KB, 33280 bytes
MD5: 7a3a88a47cba1f4d5db4f54a3b37ec0e
SHA1: 7eafe0c648a1c1d31ad13ad70deec9f0471d9253
SHA256: D3922D43DAEF0FBB44AD775DC35638145E31B9AF4CF6BA15F1ADE32EAEF40313
File Size: 146.94 KB, 146944 bytes
MD5: 23654b6e93cc9282df5ae3a94f960f5a
SHA1: 835a0a95224a6cdbb7838ff03bf3165c1e3981fc
SHA256: 5167E09159F41DA9EA6BCE3398D7738C5DFDE5B371A4FEB0A3E5DD6CD238B824
File Size: 4.60 MB, 4601344 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name | Value
Build Number 0
Build Date Xxx Xxx dd dddd hh:mm:ss
Build Type release
Build Version 62.490293
Comments
  • Author: Mario Schlesinger
  • IrfanView Installer
  • Made in Russian
  • techsense@126.com www.3wcad.com
  • This installation was built with Inno Setup.
Company Name
  • Adobe Systems, Incorporated
  • Adobe Systems Incorporated
  • AIMP DevTeam
  • Allianz Deutschland AG
  • Argotronic UG (haftungsbeschraenkt)
  • athpremium.com
  • Biztree Inc.
  • Cesar82®
  • Irfan Skiljan
  • Lihuiyu Studio Labs.
  • LR
  • Nero AG
  • Robin Dally (Robert Długosz)
  • Ubisoft Entertainment
  • Yener90 Fileforums.com
File Description
  • A.I. Swiss Knife
  • Adobe Image Foundation
  • AIMP2: MediaKeys Helper
  • Argus Monitor HW Init
  • Asistente de Instalación de Business-in-a-Box
  • Call Of Duty 2
  • CIU Tools™
  • CorelLaser Assembly
  • Custom Installer Ultimate v3
  • Hook USBPort
  • Immortal Unchained Storm Breaker Setup
  • IrfanView Installer
  • MP3 Library (Pentium)
  • Nero Karaoke DLL
  • Tom Clancys Rainbow Six Siege Setup
  • Volume2 Setup
File Version
  • 2024.11.8.1250
  • 2024.8.22.1243
  • 21, 05, 8, 0
  • 6.0.0.0
  • 5.3.0
  • 4.25
  • 3.0.00
  • 3.0.0.1
  • 1.1.9.469.0
  • 1.1.0.0
  • 1.0.10.1010
  • 1.0.0.5
  • 1.0.0.2
  • 1.0.0.1
  • 1.0.0
Internal Name
  • A.I. Swiss Knife
  • AIF
  • Assemble
  • boost_date_time
  • Business-in-a-Box_Setup_ES.exe
  • HWInit
  • IrfanView Installer
  • Karaoke.dll
  • MediaKeys Helper
  • mp3
  • USBHook
Languages English
Legal Copyright
  • (c) 2001-2014 Biztree Inc. Todos los derechos reservados.
  • (C) 2007-2016 Argotronic UG (haftungsbeschraenkt)
  • (C) Lihuiyu Studio Labs. All rights reserved.
  • (C)Lihuiyu Studio Labs. All rights reserved.
  • Artem Izmaylov
  • CIU Tools © 2021 - 2024. Cesar82 Utilities Inc.
  • Copyright (c) 1995-2006 Nero AG and its licensors
  • Copyright (c) Adobe Systems, Inc. All rights reserved.
  • Copyright 2007-2025 LRepacks
  • Copyright Allianz Vers. AG © 2017
  • Copyright © 2009 by Irfan Skiljan, Austria
  • Copyright © Digital Human 1997
  • Team ATH
  • Yener90
  • © 2005-2012 Adobe Systems Incorporated
Legal Trademarks
  • CorelLASER(R)
  • CorelLaser(R)
Original Filename
  • aiknife.exe
  • aimp_mmk.dll
  • Assemble.dll
  • boost_date_time.dll
  • Business-in-a-Box_Setup_ES.exe
  • HWInit.exe
  • irfanview_plugins_425_setup.exe
  • karaoke.dll
  • MP3.DLL
  • UsbHook.dll
Product Name
  • A.I. Swiss Knife
  • AIF
  • AIMP2
  • Business-in-a-Box
  • Call Of Duty 2
  • CIU Tools™
  • CorelLASER
  • CorelLaser
  • DVA Product
  • HWInit
  • Immortal Unchained Storm Breaker
  • IrfanView Installer
  • Nero Burning ROM
  • Tom Clancys Rainbow Six Siege
  • Volume2
  • Yener90 Installer
Product Version
  • 2024.11.08
  • 2024.08.22
  • 21, 05, 8, 0
  • 7, 0, 0, 0
  • 6.0.0
  • 5.3.0
  • 4.25
  • 3.0.0.1
  • 3.0
  • 2.0
  • 2
  • 1.1.9.469
  • 1.0.10.1010
  • 1.0.0.1
  • 1.0.0
  • 1.0

Digital Signatures

Signer | Root | Status
Biztree Inc. | Go Daddy Root Certificate Authority - G2 | Hash Mismatch

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • Installer Version
  • ntdll
  • packed
  • upx
  • UPX!
  • x86

Block Information

Total Blocks: 5,646
Potentially Malicious Blocks: 1
Whitelisted Blocks: 3,006
Unknown Blocks: 2,639

Visual Map

0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? 0 ? ? 2 0 2 ? ? ? ? 0 ? ? 0 ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? 0 ? 0 0 ? 0 0 ? 0 ? 0 0 ? 0 ? ? 0 0 ? 0 ? 0 0 0 0 ? ? 0 0 0 ? 0 ? 0 ? 0 ? 0 0 0 0 ? ? 0 ? ? 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 0 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 1 ? 1 ? 0 0 ? x 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 0 ? ? ? 0 0 ? 0 ? 0 ? ? ? ? 0 ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 1 ? 1 ? 0 ? 0 0 0 ? 0 ? 0 ? ? 0 ? 0 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 0 0 ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 0 ? 0 ? 0 ? ? ? 0 ? ? ? 0 ? 0 ? ? 0 ? ? ? ? 0 0 ? ? 0 ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? ? ? 0 ? ? ? 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? 0 ? ? ? 0 ? 0 ? 0 ? ? ? 0 ? ? ? ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 ? 0 0 ? 0 ? ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? 0 ? ? ? ? 0 ? 0 ? ? 0 ? ? 0 ? 0 ? 0 ? ? 0 ? ? ? 0 ? ? ? ? 0 0 ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? 0 0 0 ? 0 ? 0 ? ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? 0 ? 0 ? ? ? 0 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? 0 ? ? 0 ? ? 0 ? 0 ? 0 ? 0 ? ? 0 ? ? ? 0 0 ? ? 0 ? 0 ? ? ? 0 0 0 ? ? ? ? 0 ? 0 ? ? 0 0 ? 0 ? 0 ? ? ? ? ? 0 ? ? 0 ? 0 ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? 0 ? 0 0 0 ? 0 ? 0 ? ? 0 0 ? 
0 ? 0 ? 0 ? ? ? 0 ? ? ? ? 0 0 ? 0 ? ? 0 0 ? 0 ? ? ? 0 0 ? 0 ? 0 ? ? 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 0 0 0 ? 0 ? 0 ? ? 0 ? 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? ? 0 ? 0 0 ? 0 0 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Banker.U
  • Crack.M
  • Dialer.GB
  • Downloader.Agent.U
  • Emotet.CDA
  • Injector.FSB
  • Injector.XG
  • Kryptik.HGAA
  • Small.BB
  • Trojan.Injector.Gen.AZR
  • zBot.ENA

Files Modified

File | Attributes
\device\namedpipe\a389112f-4a10-4f18-a7d3-cbd37d79df2b Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_swissknife\ai_arc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_swissknife\template.aia Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_swissknife\valuetransformer.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\btd62f9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4rlpn.tmp\fb58d50a0807893d5271c93731dc8901732b38f3_0002240204.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fhs41.tmp\61e18c6aa4a0152da3bc65cf3adecd2b61745087_0004231083.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-pps0o.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-pps0o.tmp\arial.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\arialbd.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\ciulib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\clicked.wav Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\eqdefault.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\maskslib\botva2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\music.wma Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\pckr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\selected.wav Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\tahoma.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pps0o.tmp\tahomabd.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-r0ihg.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-r0ihg.tmp\pckr.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-unkrm.tmp\bb6b042d90db459f9e5247c8f10d78fb7bb9655c_0005620097.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vannv.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vannv.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vannv.tmp\b2p.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vannv.tmp\botva2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vannv.tmp\innocallback.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vannv.tmp\isdone.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vannv.tmp\ismyfont.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setup log 2025-11-09 #001.txt Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey

Windows API Usage

Category | API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Keyboard Access
  • GetKeyState
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
  • InternetSetOptionEx
Network Winhttp
  • WinHttpOpen

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\17ca8951f056375ddbec7640dc97cddfbb44028f_0000079360.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a45faa24460ed3bf9feaa20e4270520c60bd0a6b_0000010752.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4ff9d9cd5c4fc35fe411061ba3289a705db2ae31_0000072280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0854accd15a2124c4eab8895ef8834eb6f914425_0000009216.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8281434e0af2d47a31d8ad09754f2ac86c756b5b_0000032448.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5216323a2405d06ee0f12c8a33d88ed7e7c149a0_0000033280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0692fd84e77efe37c0407b6a56923c1cb6afd166_0000015872.,LiQMAxHB
"C:\Users\Ivyoqgaw\AppData\Local\Temp\is-FHS41.tmp\61e18c6aa4a0152da3bc65cf3adecd2b61745087_0004231083.tmp" /SL5="$90320,3570768,506368,c:\users\user\downloads\61e18c6aa4a0152da3bc65cf3adecd2b61745087_0004231083"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0fa0eba2a88f21f988458908902085b10c986f68_0000011776.,LiQMAxHB
"C:\Users\Ienpazoy\AppData\Local\Temp\is-UNKRM.tmp\bb6b042d90db459f9e5247c8f10d78fb7bb9655c_0005620097.tmp" /SL5="$D0266,4760352,780288,c:\users\user\downloads\bb6b042d90db459f9e5247c8f10d78fb7bb9655c_0005620097"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\91b496034af047ca3e450582d7c068b169b40943_0000093184.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9e3bae4e52a86ec06d0631343b77fd83336d5848_0000022360.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7b8e14d46999f44811e5d1dedffcbd7fd359e9de_0000011264.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\829983f0fa276a694dd11c3bd6467323255879b5_0000033280.,LiQMAxHB
"C:\Users\Wrstnvvt\AppData\Local\Temp\is-4RLPN.tmp\fb58d50a0807893d5271c93731dc8901732b38f3_0002240204.tmp" /SL5="$801E6,1606566,345088,c:\users\user\downloads\fb58d50a0807893d5271c93731dc8901732b38f3_0002240204"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\228ce915acb3a7690aa6b2a812e3dc209323985f_0000033280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ace879dcdf77054ff3babb399b5ade1da4c443dc_0000015128.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ae5d4c5b54ada42547ff2ba4009dc0aabcb36d62_0000015128.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8fa7bd9d46953096ed2fe9126a2fe9b9f53722e3_0000014336.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f1d11c9aa40e9c5e6d328209fc173477f02ac190_0000079192.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8aa429bcd7f0b8ee2c8f060292f72631a46f0a54_0000012896.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0f50fb4ef69002dc0ebeed3b407cb4240e7d40ed_0000033280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b6cab2c998257e8302a6a831b08469fc310f41e8_0000033280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6b3425603311cd0be82fd79091e4149a21209aba_0000012288.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4d4d0a963f7e252317c81c37bf4f8faedd577e8e_0000064000.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b3b71bab3b9dbdcfbc1303bd26e56b8349e97fc1_0000033280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0adebea97583aefac0f9452a91f5781d3936d919_0000012288.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\68d819646cb5a6cec768eb315771bcb30ccf3751_0000033280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7eafe0c648a1c1d31ad13ad70deec9f0471d9253_0000146944.,LiQMAxHB