Trojan.MSIL.Krypt.GEFR
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 673 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 38,602 |
| First Seen: | June 3, 2022 |
| Last Seen: | April 4, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.MSIL.Krypt.GEFR |
|---|---|
| Signature status: | Modified signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Assembly Version | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | Reason Security is a trademark of Reason Software Company Inc. |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Reason Cybersecurity Inc. | Microsoft Identity Verification Root Certificate Authority 2020 | Root Not Trusted |
File Traits
- .NET
- dll
- HighEntropy
- Installer Manifest
- Installer Version
- ntdll
- RijndaelManaged
- x64
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Agent.OAAH
- MSIL.Agent.OAAK
- MSIL.Agent.OAAL
- MSIL.Agent.OAAU
- MSIL.AgentTesla.PH
- MSIL.Bladabindi.LB
- MSIL.Bladabindi.LE
- MSIL.ClipBanker.HJ
- MSIL.ClipBanker.THA
- MSIL.Downloader.JPB
- MSIL.Downloader.PFB
- MSIL.Krypt.MJK
- MSIL.Kryptik.SA
- MSIL.Kryptik.XG
- MSIL.Spy.Agent.IB
- MSIL.Tedy.NM
- MSIL.Ursu.PA
- MSIL.Ursu.TJA
- MSIL.Ursu.TJF
- MSIL.Ursu.TJG
- Stealer.UHAN
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
3335 additional files are not displayed above.
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Process Shell Execute | |
| Syscall Use | |
| User Data Access | |
| Network Info Queried | |
| Encryption Used | |
| Other Suspicious | |
| Anti Debug | |
| Process Manipulation Evasion | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- .\UnifiedStub-installer.exe
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9f9edc703e2270014b1aac07be90a7dc5b42467d_0000388608.,LiQMAxHB