Trojan.MSIL.Clicker.CCE

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Clicker.CCE
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Advanced service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity. Advanced service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity. ahape_2235 Advanced service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity.
  • Cutting-edge AI that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation. Cutting-edge AI that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation. uve_6843 Cutting-edge AI that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation.
  • Cutting-edge platform that analyzes your integration. Seamless assistant that accelerates your storage. Cutting-edge engine that supports your data. Cutting-edge platform that analyzes your integration. Seamless assistant that accelerates your storage. Cutting-edge engine that supports your data. socu_9720 Cutting-edge platform that analyzes your integration. Seamless assistant that accelerates your storage. Cutting-edge engine that supports your data.
  • Dynamic AI that integrates your workflow. Secure suite that detects your integration. Innovative solution that accelerates your files. Dynamic AI that integrates your workflow. Secure suite that detects your integration. Innovative solution that accelerates your files. aho_4556 Dynamic AI that integrates your workflow. Secure suite that detects your integration. Innovative solution that accelerates your files.
  • Dynamic platform that integrates your analytics. Innovative solution that automates your productivity. Powerful service that accelerates your storage. Dynamic platform that integrates your analytics. Innovative solution that automates your productivity. Powerful service that accelerates your storage. erace_2074 Dynamic platform that integrates your analytics. Innovative solution that automates your productivity. Powerful service that accelerates your storage.
  • Efficient platform that improves your scalability. Seamless utility that controls your files. Robust extension that analyzes your performance. Efficient platform that improves your scalability. Seamless utility that controls your files. Robust extension that analyzes your performance. Efficient platform that improves your scalability. Seamless utility that controls your files. Robust extension that analyzes your performance. Efficient platform that improves your scalability. Seamless utility that controls your files. Robust extension that analyzes your performance.
  • Efficient system that optimizes your connectivity. Innovative interface that boosts your tasks. Smart software that automates your speed. Efficient system that optimizes your connectivity. Innovative interface that boosts your tasks. Smart software that automates your speed. ave_6630 Efficient system that optimizes your connectivity. Innovative interface that boosts your tasks. Smart software that automates your speed.
  • Fast module that supports your data. Intelligent interface that enhances your security. Advanced platform that manages your scalability. Fast module that supports your data. Intelligent interface that enhances your security. Advanced platform that manages your scalability. era_4155 Fast module that supports your data. Intelligent interface that enhances your security. Advanced platform that manages your scalability.
  • Flexible assistant that detects your files. Versatile assistant that integrates your system. Scalable solution that supports your system. Flexible assistant that detects your files. Versatile assistant that integrates your system. Scalable solution that supports your system. goq_2158 Flexible assistant that detects your files. Versatile assistant that integrates your system. Scalable solution that supports your system.
  • Innovative utility that improves your network. Reliable framework that coordinates your data. Innovative framework that protects your automation. Innovative utility that improves your network. Reliable framework that coordinates your data. Innovative framework that protects your automation. vok_9708 Innovative utility that improves your network. Reliable framework that coordinates your data. Innovative framework that protects your automation.
  • Lightweight tool that improves your security. Smart module that monitors your performance. Fast application that monitors your operations. Lightweight tool that improves your security. Smart module that monitors your performance. Fast application that monitors your operations. dile_7957 Lightweight tool that improves your security. Smart module that monitors your performance. Fast application that monitors your operations.
  • Robust software that protects your tasks. Powerful engine that streamlines your data. Cutting-edge suite that detects your files. Robust software that protects your tasks. Powerful engine that streamlines your data. Cutting-edge suite that detects your files. cikis_240 Robust software that protects your tasks. Powerful engine that streamlines your data. Cutting-edge suite that detects your files.
  • Seamless application that optimizes your connectivity. Powerful program that integrates your scalability. Efficient application that optimizes your analytics. Seamless application that optimizes your connectivity. Powerful program that integrates your scalability. Efficient application that optimizes your analytics. lug_6300 Seamless application that optimizes your connectivity. Powerful program that integrates your scalability. Efficient application that optimizes your analytics.
  • Seamless framework that controls your storage. Dynamic technology that customizes your network. Advanced platform that detects your connectivity. Seamless framework that controls your storage. Dynamic technology that customizes your network. Advanced platform that detects your connectivity. bosay_1255 Seamless framework that controls your storage. Dynamic technology that customizes your network. Advanced platform that detects your connectivity.
  • Seamless interface that controls your files. Robust software that streamlines your automation. User-friendly software that controls your processes. Seamless interface that controls your files. Robust software that streamlines your automation. User-friendly software that controls your processes. emo_4766 Seamless interface that controls your files. Robust software that streamlines your automation. User-friendly software that controls your processes.
  • Secure framework that enhances your connectivity. Advanced engine that accelerates your network. Reliable engine that boosts your productivity. Secure framework that enhances your connectivity. Advanced engine that accelerates your network. Reliable engine that boosts your productivity. hap_3778 Secure framework that enhances your connectivity. Advanced engine that accelerates your network. Reliable engine that boosts your productivity.
  • Secure interface that improves your data. Reliable module that supports your data. Intelligent interface that enhances your security. Secure interface that improves your data. Reliable module that supports your data. Intelligent interface that enhances your security. acej_1976 Secure interface that improves your data. Reliable module that supports your data. Intelligent interface that enhances your security.
  • Secure service that optimizes your analytics. Lightweight software that simplifies your operations. Lightweight application that simplifies your workflow. Secure service that optimizes your analytics. Lightweight software that simplifies your operations. Lightweight application that simplifies your workflow. qadil_9079 Secure service that optimizes your analytics. Lightweight software that simplifies your operations. Lightweight application that simplifies your workflow.
  • Smart service that customizes your workflow. Intelligent technology that improves your analytics. Cutting-edge program that customizes your processes. Smart service that customizes your workflow. Intelligent technology that improves your analytics. Cutting-edge program that customizes your processes. amusi_5525 Smart service that customizes your workflow. Intelligent technology that improves your analytics. Cutting-edge program that customizes your processes.
  • User-friendly utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation. User-friendly utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation. qadi_4085 User-friendly utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation.
  • Versatile framework that improves your network. Lightweight engine that analyzes your data. Seamless assistant that customizes your productivity. Versatile framework that improves your network. Lightweight engine that analyzes your data. Seamless assistant that customizes your productivity. wadef_7439 Versatile framework that improves your network. Lightweight engine that analyzes your data. Seamless assistant that customizes your productivity.
Company Name
  • Advanced service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity.
  • amusi_5525
  • Blackshaw
  • cikis_240
  • Cutting-edge AI that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation.
  • Cutting-edge platform that analyzes your integration. Seamless assistant that accelerates your storage. Cutting-edge engine that supports your data.
  • Dynamic AI that integrates your workflow. Secure suite that detects your integration. Innovative solution that accelerates your files.
  • Dynamic platform that integrates your analytics. Innovative solution that automates your productivity. Powerful service that accelerates your storage.
  • Efficient system that optimizes your connectivity. Innovative interface that boosts your tasks. Smart software that automates your speed.
  • emo_4766
  • Fast module that supports your data. Intelligent interface that enhances your security. Advanced platform that manages your scalability.
  • Flexible assistant that detects your files. Versatile assistant that integrates your system. Scalable solution that supports your system.
  • Innovative utility that improves your network. Reliable framework that coordinates your data. Innovative framework that protects your automation.
  • Lightweight tool that improves your security. Smart module that monitors your performance. Fast application that monitors your operations.
  • lug_6300
  • Seamless framework that controls your storage. Dynamic technology that customizes your network. Advanced platform that detects your connectivity.
  • Secure framework that enhances your connectivity. Advanced engine that accelerates your network. Reliable engine that boosts your productivity.
  • Secure interface that improves your data. Reliable module that supports your data. Intelligent interface that enhances your security.
  • Secure service that optimizes your analytics. Lightweight software that simplifies your operations. Lightweight application that simplifies your workflow.
  • User-friendly utility that optimizes your operations. Fast utility that simplifies your operations. Powerful assistant that improves your automation.
  • Versatile framework that improves your network. Lightweight engine that analyzes your data. Seamless assistant that customizes your productivity.
File Description
  • afoh_557
  • Alleviates
  • allowances kilty refracted Mala sendero finca sendero kilty refracted allowances kilty refracted Mala sendero finca sendero kilty refracted allowances kilty refracted Mala sendero finca sendero kilty refracted allowances kilty refracted Mala sendero finca sendero kilty refracted
  • amphitheatre flattering minuteman amphitheatre resells Galactose Enc amphitheatre flattering minuteman amphitheatre resells Galactose Enc amphitheatre flattering minuteman amphitheatre resells Galactose Enc amphitheatre flattering minuteman amphitheatre resells Galactose Enc
  • axav_5388
  • big_8292
  • eca_3910
  • efa_1708
  • eho_7919
  • ewa_2732
  • Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated Happenstance linoleic Hidebound safeguarding cathie unzen Balt linoleic Happenstance karlen Incinerated Hidebound Incinerated
  • ibo_5916
  • imowu_2504
  • izo_5651
  • jabe_2747
  • ocix_6728
  • okiv_3983
  • otofa_6731
  • partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen partridges laundry adrift laundry bunyan blankenship Hibernia Shenzhen
  • Pharma Indosuez Frothing Interruptible toweling toweling Interruptible Pharma tata toweling acrobat harrassing Pharma Frothing suburban Pharma Indosuez Frothing Interruptible toweling toweling Interruptible Pharma tata toweling acrobat harrassing Pharma Frothing suburban Pharma Indosuez Frothing Interruptible toweling toweling Interruptible Pharma tata toweling acrobat harrassing Pharma Frothing suburban Pharma Indosuez Frothing Interruptible toweling toweling Interruptible Pharma tata toweling acrobat harrassing Pharma Frothing suburban
  • Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce Produce Produce delivers Copayments porcupines lotto cap Outwit Produce Produce
  • qala_2039
  • rafsanjani logger Procreation winnings Procreation Threshold penang kandy rafsanjani logger Procreation winnings Procreation Threshold penang kandy rafsanjani logger Procreation winnings Procreation Threshold penang kandy rafsanjani logger Procreation winnings Procreation Threshold penang kandy
  • riye_8657
  • sequencer indentation meigs Nusbaum Nusbaum Conglomerate dubrow Cdrom Conglomerate sequencer indentation meigs Nusbaum Nusbaum Conglomerate dubrow Cdrom Conglomerate sequencer indentation meigs Nusbaum Nusbaum Conglomerate dubrow Cdrom Conglomerate sequencer indentation meigs Nusbaum Nusbaum Conglomerate dubrow Cdrom Conglomerate
  • Smokescreen xo Gutman Wickets manga depression Smokescreen xo Gutman Wickets manga depression Smokescreen xo Gutman Wickets manga depression Smokescreen xo Gutman Wickets manga depression
  • tehex_7777
  • ugas_9300
  • uliqu_4193
  • wapu_5466
File Version
  • 9.7.9.53
  • 8.3.5.48
  • 6.8.2.103
  • 6.7.9.73
  • 5.1.9.166
  • 2.7.2.152
  • 1.9.9.71
  • 1.7.6.137
  • 1.7.6.95
  • 1.0.0.0
Internal Name
  • acej_1976.exe
  • ahape_2235.exe
  • aho_4556.exe
  • amusi_5525.exe
  • ave_6630.exe
  • Blackshaw.exe
  • bosay_1255.exe
  • cikis_240.exe
  • dile_7957.exe
  • emo_4766.exe
  • erace_2074.exe
  • era_4155.exe
  • goq_2158.exe
  • hap_3778.exe
  • lug_6300.exe
  • qadil_9079.exe
  • qadi_4085.exe
  • socu_9720.exe
  • uve_6843.exe
  • vok_9708.exe
  • wadef_7439.exe
Legal Copyright
  • 2025 Appealed
  • 2025 Copayments
  • 2025 Incinerated
  • Cdrom
  • Copyright © 2025
  • Eastland
  • Reem
  • Reportedly
  • Starkness
  • Wordings
Original Filename
  • acej_1976.exe
  • ahape_2235.exe
  • aho_4556.exe
  • amusi_5525.exe
  • Appealed.exe
  • ave_6630.exe
  • Blackshaw.exe
  • bosay_1255.exe
  • Cdrom
  • cikis_240.exe
  • Copayments.exe
  • dile_7957.exe
  • Eastland
  • emo_4766.exe
  • erace_2074.exe
  • era_4155.exe
  • goq_2158.exe
  • hap_3778.exe
  • Incinerated.exe
  • lug_6300.exe
  • qadil_9079.exe
  • qadi_4085.exe
  • Reem
  • Reportedly
  • socu_9720.exe
  • Starkness
  • uve_6843.exe
  • vok_9708.exe
  • wadef_7439.exe
  • Wordings
Product Name
  • afoh_557
  • Alleviates
  • Appealed
  • axav_5388
  • big_8292
  • Cdrom
  • Copayments
  • Eastland
  • eca_3910
  • efa_1708
  • eho_7919
  • ewa_2732
  • ibo_5916
  • imowu_2504
  • Incinerated
  • izo_5651
  • jabe_2747
  • ocix_6728
  • okiv_3983
  • otofa_6731
  • qala_2039
  • Reem
  • Reportedly
  • riye_8657
  • Starkness
  • tehex_7777
  • ugas_9300
  • uliqu_4193
  • wapu_5466
  • Wordings
Product Version
  • 9.7.9.53
  • 8.3.5.48
  • 6.8.2.103
  • 6.7.9.73
  • 5.1.9.166
  • 2.7.2.152
  • 1.9.9.71
  • 1.7.6.137
  • 1.7.6.95
  • 1.0.0.0

File Traits

  • .NET
  • HighEntropy
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf357f.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga592.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4b.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsne1f1.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb9c1.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsra709.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsud20c.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva331.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa777.tmp\nsexec.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Ucshqlvm\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Hbusbzwt\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Nhnjknqy\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Loxzwzxe\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Zfxmgibt\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Jtbjefbo\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Nhwzegqf\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Ogvbnwwa\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Sbezglli\AppData\Local\""
