
Trojan.Pakes.B

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,173
Threat Level: 80 % (High)
Infected Computers: 3,821
First Seen: August 23, 2021
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Pakes.B
Packers: UPX
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: ESTsoft Corp.
File Description:
  • ALZip Self Extractor
  • ALZip SFX
File Version:
  • 19, 10, 1, 1
  • 10, 12, 22, 0
  • 10, 3, 28, 0
Internal Name:
  • ALZip SFX
  • EGGSFX
Legal Copyright:
  • Copyright (c) 1999 - present ESTsoft Corp. All right reserved.
  • Copyright (C) 2010 by ESTsoft Corp.
Original Filename: EGGSFX.sfx
Product Name: ALZip
Product Version:
  • 19, 10, 1, 1
  • 10, 12, 22, 0
  • 10, 3, 28, 0

File Traits

  • big overlay
  • HighEntropy
  • packed
  • x86

Block Information

Total Blocks: 2,061
Potentially Malicious Blocks: 835
Whitelisted Blocks: 1,226
Unknown Blocks: 0


Similar Families

  • Agent.MC
  • Pakes.B

Files Modified


78 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\regedit.exe.friendlyappname Registry Editor RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\regedit.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [non-printable binary value] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [non-printable binary value] RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • ShellExecute
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

(NULL) C:\Temp\kobis_zonemap.reg
(NULL) C:\Samsung\Win11ARM\monoA3PCL.bat
WriteConsole: Windows11 ARM 64
WriteConsole: e2959fe294b4e29595e29691e294bce2
(NULL) C:\Samsung\Win11ARM\colorSPL_En.bat
open (NULL)
