Trojan.Sdum.C
Analysis Report
General information
| Family Name: | Trojan.Sdum.C |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Pool Terms | Accessory Heritage | Self Signed |
| South Stream | Acute Consent | Self Signed |
| Impose Deviate | Allege Pull | Self Signed |
| Through Onion | Bang Ascertain | Self Signed |
| Pretend Piss | Blank Spell | Self Signed |
| Lord Inward | Blizzard Dice | Self Signed |
| Headline Objective | Bright Blink | Self Signed |
| Impress Opening | Bright Furnace | Self Signed |
| Hook Crumb | Character Spear | Self Signed |
| Relieve Around | Checkup Van | Self Signed |
| Handsome North | Come Aggregate | Self Signed |
| Conquest Timely | Court Knob | Self Signed |
| Widespread Utilize | Crease Plea | Self Signed |
| Wrestle Stretch | Crime Glint | Self Signed |
| Lever Tap | Decisive Magnificent | Self Signed |
| Polish Dumb | Dot Ambiguous | Self Signed |
| Mostly Exact | Duo Murmur | Self Signed |
| Mate Follows | Expand Edible | Self Signed |
| Pea Out | Expose Handwriting | Self Signed |
| Airline Meadow | Flake Deed | Self Signed |
| About Get | Flea Twilight | Self Signed |
| Stand Jet | Fleeting Lurch | Self Signed |
| Sovereign Square | Flood Ancient | Self Signed |
| Plant Exhibit | Foil Wane | Self Signed |
| Reply Piss | Former Tangle | Self Signed |
| Precaution Limp | Fragile Care | Self Signed |
| Excellent Dummy | Fray Tack | Self Signed |
| Rip Closure | Frustrate Hail | Self Signed |
| Surround Emperor | Gang Whereas | Self Signed |
| Impede Back | Gaze Concern | Self Signed |
| Gust Segregate | Get Vivid | Self Signed |
| Linen Rhyme | Hence Coerce | Self Signed |
| Balloon Virgin | Ladder Retract | Self Signed |
| Prove Rot | Laid Curb | Self Signed |
| Noon Soccer | Lever Fasten | Self Signed |
| Consent Interior | Outstanding Digit | Self Signed |
| Cozy Rope | Overcome Brace | Self Signed |
| Trial Peninsula | Pond Action | Self Signed |
| Exaggerate Ward | Pretty Foliage | Self Signed |
| Incur Gratify | Prosper Squeak | Self Signed |
| Fear Both | Quantity Guideline | Self Signed |
| Crib Fray | Recess Mosquito | Self Signed |
| Mankind Chancellor | Refrain Outgoing | Self Signed |
| Pouch Out | Rubbish Respective | Self Signed |
| Endanger Patch | Rumor Behold | Self Signed |
| Usage Axe | Scrape Eternal | Self Signed |
| Convenient Rug | Sentence Flat | Self Signed |
| Efficacy (backward) | Sideways Frontier | Self Signed |
| Pea Nipple | Spouse Teenage | Self Signed |
| Chew Allure | Stubborn Prescribe | Self Signed |
| Impact Stretch | Surveillance Beauty | Self Signed |
| Rash Rush | Swarm Infinite | Self Signed |
| Widespread Doll | Throng Ancestor | Self Signed |
| Flair Dwindle | Touch Slack | Self Signed |
| Cut Sob | Turn Hound | Self Signed |
| Alien Concern | Veil Candy | Self Signed |
| Rob Anyway | Vomit Reserve | Self Signed |
| Blend Verge | Wet Wallet | Self Signed |
| Grudge Desktop | Within Settle | Self Signed |
| Break Mean | Worth Hypocrite | Self Signed |
File Traits
- big overlay
- fptable
- Installer Manifest
- Installer Version
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 1,371 |
|---|---|
| Potentially Malicious Blocks: | 168 |
| Whitelisted Blocks: | 1,203 |
| Unknown Blocks: | 0 |
Visual Map
(Block map image not reproduced in text. Legend: 0 - Probable Safe Block; ? - Unknown Block; x - Potentially Malicious Block.)
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Emotet.EH
- Sdum.C
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0075dcac\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0075dcac\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs021ab032\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs021ab032\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs032e4f60\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs032e4f60\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs03782a00\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs03782a00\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs040d509c\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs040d509c\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0660f100\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0660f100\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs06f63aa7\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs06f63aa7\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs07673830\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs07673830\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs09c6d33b\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs09c6d33b\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0b1263ff\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0b1263ff\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0b834b48\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0b834b48\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0bc3bb81\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0bc3bb81\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0c76763c\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0c76763c\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0cc3f8c0\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0cc3f8c0\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0d6f5e3c\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0d6f5e3c\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs0d764576\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs0d764576\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs40b7a7dc\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs40b7a7dc\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs42d273f1\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs42d273f1\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs43596624 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs43596624\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs43596624\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4601f262\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4601f262\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs46ce59b5\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs46ce59b5\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs471d9774\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs471d9774\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs482a6c0a\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs482a6c0a\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4919d390\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4919d390\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs49f77671\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs49f77671\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4a049007\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4a049007\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4a61a915\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4a61a915\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ac96eec\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ac96eec\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4aeb022c\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4aeb022c\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4b531a11\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4b531a11\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ba12d19\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ba12d19\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4beaa49e\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4beaa49e\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4bfa59c4\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4bfa59c4\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4d1ad1fc\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4d1ad1fc\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4d56537c\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4d56537c\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4d86857e | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4d86857e\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4d86857e\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs83e4cac5 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs83e4cac5\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs83e4cac5\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs86fa363b\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs86fa363b\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs8791f2fc\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs8791f2fc\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs88245dd6 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs88245dd6\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs88245dd6\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs886f7e31\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs886f7e31\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs88776100\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs88776100\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs8b11038f\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs8b11038f\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs8c1b99c8\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs8c1b99c8\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs8d2eac29\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs8d2eac29\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs8d9c5252\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs8d9c5252\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc2717630\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc2717630\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc34027dc\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc34027dc\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc340b97b\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc340b97b\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc3428fdc\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc3428fdc\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc3b88670\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc3b88670\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc4769155\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc4769155\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc4ce4225\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc4ce4225\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc6730700\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc6730700\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc6f15923\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc6f15923\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsc9ac9e2e\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsc9ac9e2e\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsca1c7eb5\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsca1c7eb5\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsca3756c1\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsca3756c1\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsca661d4d\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsca661d4d\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zscb5acf01\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zscb5acf01\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zsccbd3eec\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zsccbd3eec\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zscddfcb8f\setup.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zscddfcb8f\setup.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsa7116.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsc3476.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc3476.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsc3476.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsc3476.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nscf906.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nscf906.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nscf906.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nscf906.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nscfb08.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nscfb08.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nscfb08.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nscfb08.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdbfbf.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsdc9f.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nse152.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse152.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nse152.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse152.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh15bd.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh15bd.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsh15bd.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh15bd.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh57a7.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsh57a8.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsh57a8.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh57a8.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsh57a8.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi2f06.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi2f06.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsi2f06.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi2f06.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi6cb6.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi6cb6.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsi6cb6.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi6cb6.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nskadd1.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nskadd1.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nskadd1.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nskadd1.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsl4468.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsl4468.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsl4468.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsl4468.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nso6b14.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nso6b14.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nso6b14.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nso6b14.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsob42f.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsob42f.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsob42f.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsob42f.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq7127.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsq7127.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq7127.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq7127.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqcbb3.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqcbb3.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsqcbb3.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqcbb3.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr792d.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr792d.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsr792d.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr792d.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nssbfcf.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nssbfcf.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nssbfcf.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nssbfcf.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsscaf.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsscaf.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsscaf.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
16 additional files are not displayed above.
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.

| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | RegNtPreCreateKey | |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Process Shell Execute | |
| Anti Debug | |
| User Data Access | |
| Syscall Use | |
| Keyboard Access | |
| Process Manipulation Evasion | |
92 additional items are not displayed above.
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
.\setup.exe