
Trojan.MSIL.ShellcodeRunner

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,389
Threat Level: 80% (High)
Infected Computers: 932
First Seen: April 17, 2024
Last Seen: April 20, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.ShellcodeRunner
Signature status: No Signature

Known Samples

MD5: 626ed9fd17d14e627f5b164aa313e899
SHA1: 2898602164a46046b8fc1ed646198713d89e9d6a
File Size: 448.51 KB, 448512 bytes
MD5: 99aff170e1d44638db7d08c39f40a0f8
SHA1: 20bac09d2cad71400db551e62f8797947768b9f6
SHA256: C53F72D34623270D4B3AB4F1CF19E3983962DA39CA5BA398F0EBB5BA39B0445E
File Size: 448.51 KB, 448512 bytes
MD5: bba4930aa34c6f74987a25cd8022eac0
SHA1: 0f0b4a696b8b902d478afe560b1dee7bef69de53
SHA256: 564FBD2102F3F574B6C420A5F8F6CBA119BB7E7F5ADF741FA1B14FF735C0EA5E
File Size: 545.28 KB, 545280 bytes
MD5: 2fb455f104df0f5baeaa245dafa42787
SHA1: 1c0241b6a94bba3885cff299431ce3c0a7d51c1a
SHA256: 76687C2D68A4C07DDF3DDE145ED43524ACFFD5B22EAD16AC3D68758B551414F3
File Size: 702.46 KB, 702464 bytes
MD5: 8ccc6bf0dc1abffc409de7da1e651a4a
SHA1: dd55d45cd4b572dcec69e8fe8307099d9b26259e
SHA256: EB05D7751E477B3A3AB12B0C0044C8100D42603D11B38373F53A2A3012A61D2E
File Size: 3.47 MB, 3470848 bytes
MD5: 40cd724d7bde3e9f161036bdd7bc33ca
SHA1: fb8ad6a257cbf11bfc7fdac0e0c019df8320bb87
SHA256: BE4E36CB42FCADDE12C9A8AB2760C906DCFB4A905BCA4E13A83B9CB878512853
File Size: 654.34 KB, 654336 bytes
MD5: 808e849328f6abda66265aea284a64be
SHA1: 3590806ec47b21fd73bc074625190e709af86678
SHA256: 83FF0FA651693F5684843E2B6017FCFC0B01AD254DC85D317BF6F35E3ADD4ED4
File Size: 175.10 KB, 175104 bytes
MD5: 0434de6cdc21bf79a0f0fbcb91ad7ec5
SHA1: 48f4447297bad90fba1bf99e2dcf1632192b43e5
SHA256: F90A722C345795B669587FD73139A4AE72EA02CB7CE2FCDB4C94063CFC044339
File Size: 545.79 KB, 545792 bytes
MD5: b16d07df0c5415178a6b94080bc19c9e
SHA1: f35639808ee79c17561ac978df081b1389f6353b
SHA256: 94BE428C74C0DE056AF22F3319C673D64530CFE69D87FCA749988AC2F01730FD
File Size: 6.86 MB, 6856704 bytes
MD5: 75ec7666bc57e05933340402b8f899bd
SHA1: e1edf0a226b62fdc02b4aa3110061457757efa14
SHA256: C612ED1082D20B1919105D3165EC46E54C037408AFA8FAD9C335B16624781588
File Size: 330.24 KB, 330240 bytes
MD5: 0b6b90af455eedcb5136a3edb36bfb6e
SHA1: 4b2e0b73367122736da89214fe19dceb58dd685e
SHA256: EC0F8F2D38CA11022F807BBDCAF9B5634ED906555800BF859F8541B41E52EFF3
File Size: 755.71 KB, 755712 bytes
MD5: aedfabb105244c1a03f1461cc048485b
SHA1: f0ff0529451160efce066a0c2dbbb6df89692cf0
SHA256: 0F890E65D12606C77B3D5CA9355DA97B59250DC56C7227D8D673B745BEA6CDA1
File Size: 440.83 KB, 440832 bytes
MD5: 9e495c6446becd686f132e64394b53ff
SHA1: 6c6203925a8dcf8388a628e999497ca51abc90f6
SHA256: DEFB1AE555A48C520C410D1CB1F0811523A2392248ED9D5E5765FC104FCA4DB5
File Size: 424.45 KB, 424448 bytes
MD5: 4100a407325eb6ac718fcb6d8e5dd425
SHA1: 1269aad9bcb6fc87f4dfc1b5f786754801a80f66
SHA256: 4B97EA256555714EB3DFBA61E035D7D44094F067B274E291205850B466A73986
File Size: 806.40 KB, 806400 bytes
MD5: dedcc4c1f44324c0c0596e820b046b70
SHA1: cfdec3f8ea41a1ac26f0f28bb860ad4aa747cfad
SHA256: ACF3129BF63CF5EA1955CC92D565BE498A2F635990D8311A702D4AD99F2C4450
File Size: 162.82 KB, 162816 bytes
MD5: 979a5ce031efb28b21d416f31cd58984
SHA1: b1c922427c58ead5d08e76e14ea55c14ff13f089
SHA256: C1966BACA6E805BF5A689FD7871A715C8824CAD5E7290B547FC6F5557FD1F002
File Size: 150.53 KB, 150528 bytes
MD5: 33b8d38596c824e105c53fb65ad1993d
SHA1: a9c5b58fca4f97e4c179d1546e48d4c7b542cb30
SHA256: 03812DC0F46B72E26D5F21C0B72B7410081A85EEC61239C404AAEA36F78E0640
File Size: 139.26 KB, 139264 bytes
MD5: e743d3a0e0867472d0b3cc17256bb47d
SHA1: ec43294ec03d11995a240d018fe1f8836e7591d6
SHA256: B7360998CF8A3F47B87853C2187A476E85E004F58F487D1AA704226D978740FC
File Size: 239.62 KB, 239616 bytes
MD5: 91576d0fd2c6caa82e3fdb842d7d3b99
SHA1: 84c91e79bc4211fede56215c5915917fb5b38180
SHA256: 3E9A7B73B75A0000DF77DBF7EBA5779B3B0A131EC51C41A463574966884F77F3
File Size: 3.50 MB, 3501568 bytes
MD5: 49f85f864492ff8ba29d78c0b33b5594
SHA1: 98a808dd5c9ba2af5e5928bba11b238a618ba793
SHA256: 3357A88FA7650CB70A483C46753202318FA62F1AB24204E3CF1D573AF2EDE783
File Size: 408.58 KB, 408576 bytes
MD5: a87020c53521ed15bfff9662f9d35982
SHA1: 235e2ab1817f49882818348ef875eb0b73cd6819
SHA256: 896EE9BDBC653C3CB5888F081D9B8902CD2FE4DE649C94429145E1B73BF15D2E
File Size: 10.24 KB, 10240 bytes
MD5: 0fead4286e7b0735ca5817cf28a0b287
SHA1: 8aa0eeee88764c6445390321a779c7757a60650b
SHA256: 776A498002B8E93671F6A3EE43CD2824ADC21192EF903CD3FC2F0C92FDB1DE8E
File Size: 483.33 KB, 483328 bytes
MD5: 8e07ad2ab4c6474e3b8f426c4f8fdac7
SHA1: 4894347493f4f4b2b89deace2bbeb9561c7f0743
SHA256: E88EC6C12CE60C3E0E71B79AE46833DDB701345E169897714C964B814B21DDBD
File Size: 4.61 KB, 4608 bytes
MD5: f9c7ba0d7b968d0ae565532622ca2a79
SHA1: fbf327502aa79f672c6d6e71391617d204c1a21c
SHA256: 63CB5F86E431D0D736C760AD2FBAD335F8A35308DB8F812B25A14DC595718198
File Size: 809.47 KB, 809472 bytes
MD5: 961e7ce09d795aefb0289c588dc828c3
SHA1: b58bf0e8cd2f96eef15ee5022c4099a441992c09
SHA256: 6968FCE39709F4CFAB3422C1D0EC49D35C929154567B5396AB856CED71E87EE3
File Size: 4.87 MB, 4874240 bytes
MD5: 1cb8b1947079068cdffd9f720c2219ff
SHA1: a43624fc1f4debba4acc1e4835aec0df9f3a1e84
SHA256: 62608C70025FDEC6D29D0B3A202507E9DDC8CD6A8F25173F26E873D9100853D0
File Size: 9.22 MB, 9221120 bytes
MD5: e8f6a8eab33cfd5d56a44abf784cea94
SHA1: 665396bbecc2b3272c316954c5372d0b5080cd99
SHA256: 1728F54A948C324A1CBAC22D4CD733D62DAA7C29346FEF88EB69AD78E04BF4A6
File Size: 482.82 KB, 482816 bytes
MD5: c1321a32fdbf3097d9dc2ec13e486e92
SHA1: c1a3ee5fd181400005f71c6e5008363ba465017b
SHA256: 27B97CB96F6C26C03AD272AAB5020A72810DDD2EEFF957C8519A68DC45A2E077
File Size: 3.50 MB, 3501568 bytes
MD5: 2d2b13d77735047370fc2db64eb8b635
SHA1: 91ee0b98ae8d2652b906a987bb853d6484278e43
SHA256: C47E92E8EC6B9423582E3B873DC5D379EC151B87642704F0C7A2B85C9076AD72
File Size: 671.23 KB, 671232 bytes
MD5: bf88dc6242fd22f12bc3c39f98757f87
SHA1: bc28563e5f7e347906feb87ae7dc2cf6d6729d64
SHA256: 5223DED18B671340C4E3E32F3C59AC1193695484CB60635B3EAF358786960A15
File Size: 612.86 KB, 612864 bytes
MD5: a16e5cd87945686dc082d190859077bf
SHA1: 1b80de403bc44310b7686eabaf03ef5646674e4a
SHA256: 9E08D92E0704002AB8279BF46D46B61E7DC8E5E07A5E40BF5CEB00FE465F2F12
File Size: 3.75 MB, 3752960 bytes
MD5: b5411be9b45e0f6aa41c5a5162282a6d
SHA1: ad98c1da0e51e03c5b8b7ebfec17fe4e8d824a39
SHA256: F58BBBFADCE5E399A28EE202A276B36C5A09E3B39B909005DD4AD424080C9A46
File Size: 145.41 KB, 145408 bytes
MD5: ab1eff4128596b6a77fbc06421d8ed4d
SHA1: 5a511de40fc7aee601e24f562390ca045eadc58c
SHA256: 7FFF052325B994FF6C435C32942D5388DD14465045825DB47FB267FDDD49AD38
File Size: 814.08 KB, 814080 bytes
MD5: d7426d94fc40778de4ca2cc67ba2e09c
SHA1: 01ba9fcb7e66931805239ff20104f652a6ff4123
SHA256: 38666C186A02CD6AB717CB25D6B501BA25A029C7E5EF180FEDC1E74EBA17FACA
File Size: 634.88 KB, 634880 bytes
MD5: b4a3897fd0d5eecaaa0bff9a8b76fd43
SHA1: f9d72f934069983d39852a729827b528e32b9acf
SHA256: 5C7E26E340A844EAB2CD88C3B239D25247A4865B51A2248FC39E871E9F0302F9
File Size: 828.93 KB, 828928 bytes
MD5: e3d81ac183f5e86c472ad6fa8acd1c04
SHA1: 3a6131b31290de9e7366a54274d2b3dfb3453be7
SHA256: 9448893D12A7EF8F019C9331076C7ADD7E50B50F825898E331E7B500A994DE42
File Size: 80.38 KB, 80384 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 9.10.0.0
  • 8.50.2.1
  • 8.50.0.15
  • 8.40.1.1
  • 8.8.0.0
  • 4.0.0.0
  • 3.6.0.0
  • 3.0.4.0
  • 2.0.2.4
  • 1.0.20.0
  • 1.0.7.0
  • 1.0.0.3
  • 1.0.0.2
  • 1.0.0.0
  • 0.0.0.0
Comments
  • Provides HTTP activities to listen for and send out HTTP requests.
  • Qualcom Flash And Unlock
  • The library provides access to various widely used helper classes.
  • Unlock Tool Myanmar
  • www.assecowapro.pl
Company Name
  • Asseco Business Solutions
  • BY@Myanmar
  • Cymulate.Agent.Application.Common
  • DAVID Holding AD
  • Elsa Workflows Community
  • HadiKOT
  • Microsoft
  • NeFeroN
  • SharpDllProxy
  • Zeta.VoyagerLibrary.Core.Common
  • zeta software GmbH
  • Zeta Software GmbH
File Description
  • A16URLResolver
  • Archimed Utilities
  • can3DViewModel
  • Common
  • Cymulate.Agent.Application.Common
  • e-Dokumenty
  • Elsa.Http
  • HadiKIT Reverse Tool
  • Myanmar
  • SharpDllProxy
  • UAC_NET_Cargador
  • Zeta.VoyagerLibrary.Core.Common
  • ZetaVoyagerLibrary
  • Zeta Voyager Library - Common
File Version
  • 9.10.0.0
  • 8.50.2.1
  • 8.50.0.15
  • 8.40.1.1
  • 8.8.24654.0
  • 4.0.0.0
  • 3.6.0.0
  • 3.0.4.0
  • 2.0.2.4
  • 1.0.20.0
  • 1.0.7.0
  • 1.0.0.3
  • 1.0.0.2
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • A16URLResolver.dll
  • ABS.WAPRO.DMS.BusinessLogic.dll
  • Archimed.Utils.dll
  • Assembly-CSharp.dll
  • can3DViewModel.dll
  • CustomData.exe
  • Cymulate.Agent.Application.Common.dll
  • Elsa.Http.dll
  • iREVERSE DROID ULTIMATE.exe
  • RecRoom.Studio.Editor.Core.dll
  • SharpDllProxy.dll
  • UAC_NET_Cargador.exe
  • Unlock Tool Myanmar.exe
  • Zeta.EnterpriseLibrary.Common.dll
  • Zeta.VoyagerLibrary.Common.dll
  • Zeta.VoyagerLibrary.Core.Common.dll
Legal Copyright
  • 2023
  • 2024
  • Copyright © 2022
  • Copyright © 2025
  • Copyright © 2025
  • Copyright © Asseco Business Solutions S.A.
  • Copyright © Microsoft 2010
  • Copyright © Zeta Software GmbH
  • Copyright © zeta software GmbH 2007-2009
  • http://www.zeta-software.de
  • NeFeroN
  • © DAVID Holding AD, 1996-2022
Legal Trademarks
  • All rights reserved.
  • Unlock Tool Myanmar
Original Filename
  • A16URLResolver.dll
  • ABS.WAPRO.DMS.BusinessLogic.dll
  • Archimed.Utils.dll
  • Assembly-CSharp.dll
  • can3DViewModel.dll
  • CustomData.exe
  • Cymulate.Agent.Application.Common.dll
  • Elsa.Http.dll
  • iREVERSE DROID ULTIMATE.exe
  • RecRoom.Studio.Editor.Core.dll
  • SharpDllProxy.dll
  • UAC_NET_Cargador.exe
  • Unlock Tool Myanmar.exe
  • Zeta.EnterpriseLibrary.Common.dll
  • Zeta.VoyagerLibrary.Common.dll
  • Zeta.VoyagerLibrary.Core.Common.dll
Product Name
  • ABS.WAPRO.DMS.BusinessLogic
  • Archimed eDMS
  • can3DViewModel
  • Common
  • Cymulate.Agent.Application.Common
  • Elsa.Http
  • Link Resolver & Downloader
  • Qualcom Flash
  • SharpDllProxy
  • UAC_NET_Cargador
  • updatepragmafix.com
  • Zeta.VoyagerLibrary.Core.Common
  • Zeta Voyager Library
Product Version
  • 2025-10-01
  • 2020-03-03
  • 2020-01-15
  • 2019-06-18
  • 8.8.24654
  • 4.0.0.0
  • 3.6.0-preview.3000+f4ad11eb0fe7098c4d47d4a208dd26ac80ecb45d
  • 3.0.4+e7edb1d3ea8d36b54d71d7631a5ac3122be04205
  • 2.0.2.4
  • 1.0.20.0
  • 1.0.7.0
  • 1.0.0.2
  • 1.0.0.0
  • 1.0.0+4dadec7903123fdca60c61d269601e12b311c4f0
  • 1.0.0
  • 0.0.0.0

File Traits

  • .NET
  • Agile.net
  • dll
  • Fody
  • HighEntropy
  • NewLateBinding
  • RijndaelManaged
  • x86

Block Information

Total Blocks: 312
Potentially Malicious Blocks: 1
Whitelisted Blocks: 177
Unknown Blocks: 134

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? 0 0 0 ? 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 ? 0 ? 0 ? 0 0 0 ? 0 0 ? 0 ? ? ? 0 0 0 0 ? ? ? ? ? x ? 0 0 0 0 ? 0 ? 0 ? 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? 0 0 ? 0 0 0 ? 0 0 0 ? ? ? ? ? 0 0 0 ? ? ? ? ? 0 0 0 ? 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 ? ? ? ? ? ? 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Heracles.PJ

Files Modified

File                     | Attributes
\device\namedpipe\rac    | Generic Read, Write Data, Write Attributes, Write extended, Append data
c:\users\public\log.txt  | Read Attributes, Synchronize, Read Control, Write Attributes, Write extended, Append data

Registry Modifications

Key::Value                                                                                        | Data | API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75            |      | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75            |      | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass             |      | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname            |      | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet           |      | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect              |      | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75            |      | RegNtPreCreateKey

Windows API Usage

Category | API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon

28 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2898602164a46046b8fc1ed646198713d89e9d6a_0000448512.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\20bac09d2cad71400db551e62f8797947768b9f6_0000448512.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f0ff0529451160efce066a0c2dbbb6df89692cf0_0000440832.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6c6203925a8dcf8388a628e999497ca51abc90f6_0000424448.,LiQMAxHB
