Trojan.PyStealer.A
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 1,313 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 2,577 |
| First Seen: | October 4, 2023 |
| Last Seen: | October 21, 2025 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.PyStealer.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 18f423467df7e176e96fc96b59cd5633 | 48e41b2f34c2c09745ee11fa403021dafb37b4f2 | | 5.50 MB, 5499407 bytes |
| 12c3b9243f32c70ad2ecb85af2a86281 | 5e2a3377b34b35700396b846c8c9e9499b9c8704 | | 8.34 MB, 8336868 bytes |
| 9e1a4c964b5ad00994d1d1703b2f47b6 | 4241a27e72b0c35d2d0741db728307b653ac693f | | 5.01 MB, 5008248 bytes |
| 6ef88815473d467f93caa5f9d90aab79 | fbd6dec3f90b52ea4210fa7e098568d9996920f8 | | 9.34 MB, 9339103 bytes |
| 3ff59ae65655f77a993c3e104d0d9a24 | 09fe3ae4e83a25a3f62e431a3733ba00e4e474a3 | | 1.76 MB, 1762354 bytes |
| fe8379e180afae37684e0b7212c19931 | 2567d88a06f00c240bb41f35f910c3de78a03a1f | | 9.34 MB, 9335963 bytes |
| 86d39d069deb2c67784ca07250efb420 | 97fe441692d5c13edb0e61d6b90a8b9315433902 | 112EDF21EE22484A96F1FE6CF4A33B244FDF4F38E03F340854FC721D5A9CFBA2 | 3.22 MB, 3217082 bytes |
| b47e7314b4d5f38c6cf3a19a755313fb | 87f57d6805d62ae7c92872e97071ab51c46cd7c0 | A647544EBB49A90DCE6C697A69EDE549CC6A4A798F7F777DC93F00850C490F7B | 7.56 MB, 7557392 bytes |
| 90f5cc6815a943c90db6e2d0be996795 | 40367c01bf193ef011a091280b573d9cbe09ad17 | 7C8514FED4A341347E856E135FBFB157A306971B96B82B91691F519C8E8C6C2F | 9.20 MB, 9198542 bytes |
| b9928c2616d865227d5336c71ec3e1ba | 73c1f87591ff42746e0713276d8b71b03044a050 | 7B93E39E90ACC845DA8055E274C98BA4B59D9C96FDF0C7059B676A3DB821914B | 8.04 MB, 8038138 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- GetConsoleWindow
- No Version Info
- Py-installer
- x64
- zlib (In Overlay)
- zlib overlay
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 863 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 863 |
| Unknown Blocks: | 0 |
Visual Map (image not reproduced here)
Legend:
- ? - Unknown Block
- x - Potentially Malicious Block
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\_mei10922\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\bin\python39.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\bin\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\dlls\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\dlls\libssl-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\pyexpat.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\python39.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10922\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_multiprocessing.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-fibers-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\pyexpat.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11002\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_multiprocessing.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-fibers-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\pyexpat.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei15522\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\bin\python39.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\bin\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\dlls\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\dlls\libssl-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\pyexpat.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\python39.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei18002\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\pyaudio\_portaudio.cp39-win_amd64.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\python39.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19202\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_multiprocessing.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-fibers-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei19362\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
1268 additional files are not displayed above.
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- c:\users\user\downloads\48e41b2f34c2c09745ee11fa403021dafb37b4f2_0005499407.exe "c:\users\user\downloads\48e41b2f34c2c09745ee11fa403021dafb37b4f2_0005499407.exe"
- c:\users\user\downloads\5e2a3377b34b35700396b846c8c9e9499b9c8704_0008336868.exe "c:\users\user\downloads\5e2a3377b34b35700396b846c8c9e9499b9c8704_0008336868.exe"
- c:\users\user\downloads\fbd6dec3f90b52ea4210fa7e098568d9996920f8_0009339103.exe "c:\users\user\downloads\fbd6dec3f90b52ea4210fa7e098568d9996920f8_0009339103.exe"
- c:\users\user\downloads\2567d88a06f00c240bb41f35f910c3de78a03a1f_0009335963.exe "c:\users\user\downloads\2567d88a06f00c240bb41f35f910c3de78a03a1f_0009335963.exe"
- c:\users\user\downloads\87f57d6805d62ae7c92872e97071ab51c46cd7c0_0007557392 "c:\users\user\downloads\87f57d6805d62ae7c92872e97071ab51c46cd7c0_0007557392"
- c:\users\user\downloads\73c1f87591ff42746e0713276d8b71b03044a050_0008038138 "c:\users\user\downloads\73c1f87591ff42746e0713276d8b71b03044a050_0008038138"