Trojan.MSIL.Agent.NGA
Analysis Report
General information
| Family Name: | Trojan.MSIL.Agent.NGA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- dll
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 10 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 9 |
Visual Map
? ? x ? ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
| Anti Debug | |
| Process Manipulation Evasion | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.