Trojan.Reconyc.FI

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Reconyc.FI
Signature status: Self Signed

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Evernote Corporation
  • everythingcomplications
  • ourselvesconfidentiality
  • perspectivesproducers
  • politicians
  • sculptureintroduce
File Description
  • Evernote
File Version
  • 10.159.4.20251022090921
  • 5.0.0.0
  • 1.0.0.0
Internal Name
  • classicallitigation
  • executivejurisdiction
  • knowledgecombination
  • numericalexaminationsaccepting
  • politicians
Legal Copyright
  • astronomyreflected
  • Copyright © 2025 Evernote Corporation
  • difficultyscheduled
  • politicians
  • preferencesupporting
  • proprietaryextraordinary
Original Filename
  • hardcover.exe
  • languages.exe
  • politicians.exe
  • recognized.exe
  • responses.exe
Product Name
  • administrativereliabilitycenturiescommonwealth
  • demonstratescollectibles
  • Evernote
  • immigrationdepending
  • politicians
  • restructuringanniversary
Product Version
  • 10.159.4
  • 1.0.0.0

Digital Signatures

Signer | Root | Status
*.dodo.com | *.dodo.com | Self Signed
*.texasdiagnosticradiology.com | *.texasdiagnosticradiology.com | Self Signed
*.us.pg.com | *.us.pg.com | Self Signed
Evernote Corporation | Entrust Code Signing Root Certification Authority - CSBR1 | Hash Mismatch
Evernote Corporation | Entrust Code Signing Root Certification Authority - CSBR1 | Hash Mismatch
glitch.com | glitch.com | Self Signed
www.hindustantimes.com | www.hindustantimes.com | Self Signed

File Traits

  • 2+ executable sections
  • big overlay
  • dll
  • golang
  • HighEntropy
  • No Version Info
  • x64

Block Information

Total Blocks: 2,611
Potentially Malicious Blocks: 3
Whitelisted Blocks: 2,344
Unknown Blocks: 264

Similar Families

  • Agent.JFJ
  • Agent.KFTA
  • Agent.KOFA
  • Agent.KTSD
  • Agent.KTSE
  • Agent.LPX
  • CobaltStrike.ZA
  • Coinminer.LO
  • Dropper.FF
  • Dropper.FFA
  • Dropper.JD
  • Filecoder.JFA
  • Gamehack.OFG
  • Kryptik.ERA
  • Kryptik.FRS
  • Kryptik.FRSA
  • Kryptik.FSK
  • Kryptik.GFSC
  • Kryptik.IOB
  • Kryptik.IOC
  • Lumma.AU
  • Mikey.U
  • Quasar.BC
  • Quasar.LD
  • Quasar.SA
  • Quasar.SB
  • Reconyc.FH
  • Reconyc.FI
  • Reconyc.Q
  • ReverseShell.XF
  • Rozena.DDA
  • Rozena.ED
  • ShellcodeRunner.AYB
  • SmokeLoader.C
  • SmokeLoader.D
  • Trojan.Downloader.Gen.JS
  • Trojan.ReverseShell.Gen.AO
  • Trojan.ReverseShell.Gen.B
  • Trojan.ShellcodeRunner.Gen.AQ
  • Trojan.ShellcodeRunner.Gen.AR
  • Trojan.ShellcodeRunner.Gen.DP
  • Trojan.ShellcodeRunner.Gen.FC
  • Trojan.ShellcodeRunner.Gen.FZ
  • Trojan.ShellcodeRunner.Gen.KT

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletion
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetComputerName
  • GetUserName
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
