Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.ShellcodeRunner.BE

Trojan.ShellcodeRunner.BE

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.ShellcodeRunner.BE
Signature status: No Signature

Known Samples

MD5: bc925feeff8ddd36286a03e5ac2fa9a1
SHA1: f752d029b222ef8a29e0291925156e7954c089e1
SHA256: 34AC158BB7FA06F78762FFB9D870FB4F7071B4D336515ED93D504157CDF648B0
File Size: 125.46 KB, 125456 bytes
MD5: 02d3eca8bdbd429c6b6bd7192adc6c0d
SHA1: 2153a81d1e65c4f7ebcd6ee416172facdf40ac24
SHA256: E27E082106C654B9A641874DC111C513B069B763E6011C123B26FB4FCD70EEC8
File Size: 188.94 KB, 188944 bytes
MD5: 6d0a37db7fb3e16160cfb2d454464521
SHA1: 89e34489ff9a98e98b6924be9a782f5132ce4a67
SHA256: D13F7005122BA219F98D73192496F45CD3AA75E832FB27967851C15CF3386C41
File Size: 188.94 KB, 188944 bytes
MD5: 032289cdf30014a3a0ed73c9191cf78a
SHA1: 8541b1f113269fb34e8310d7a3bb5faac9290f96
SHA256: CCE710B2A22C5D17413D0D80FEF0D78ED32A9F90F770C000470F1C6B19612A11
File Size: 188.94 KB, 188944 bytes
MD5: cd0ad9c3f4a0c7683566ed120aab24a4
SHA1: 6dabba91444544b014dd8b8682f6abf04d0d040a
SHA256: 1AC3218F578231EDA3222016616DC0BF084502856D97B72D15FD55D9F8145725
File Size: 125.46 KB, 125456 bytes
Show More
MD5: d9b3368b37d4fb61263cd83edc2ef84c
SHA1: 1b289cbf98f419b094e40a47cef588ef80c216b6
SHA256: 3772E3D5261EFC2FC6B39F31C6F57E0CB8F58DDBEC9209374CFD5C9BEACF3CB3
File Size: 125.46 KB, 125456 bytes
MD5: b705184582c4e9a9ee8a298d21b546a0
SHA1: 7d3b31676ccbacaf2cc43dba08235ecfe70dcd79
SHA256: 0F799A4524CB28C08A765F3C5A9999A709DE317A174DDB9E3504337B13B414E1
File Size: 188.94 KB, 188944 bytes
MD5: 08e9b673d009fd6fc6fd4d4dec73f0e3
SHA1: 2bd507889e9c70145819ae7315b2fe68d6b752a3
SHA256: 82562536DD5D9FAC27FB4BEAB1DABD90E3B9A3E4925FAB7B3ABF3A512D0F314D
File Size: 125.46 KB, 125456 bytes
MD5: e2865a445358690ed78eedad921785be
SHA1: 70018c0f854e79832343ca6594efd8dc6ab82808
SHA256: 3C3226A93D104906C720342C89B5AB279A6F8CABD97FBDBC0851697EF441A39F
File Size: 125.46 KB, 125456 bytes
MD5: dc7ddd22efa8468d1068ec18ad91a308
SHA1: 298d9da4d7495e2c0a2fb45ce63a1736b3260636
SHA256: 83299A13BA75D5B2F41F1D182B2DE133E999BC041DA4F7EACF2C45753E5A0F3E
File Size: 125.46 KB, 125456 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Microsoft Corporation
File Description Microsoft Sync Manager
File Version 10.0.19041.1 (WinBuild.160101.0800)
Internal Name mobsync.dll
Legal Copyright © Microsoft Corporation. All rights reserved.
Original Filename mobsync.dll
Product Name Microsoft® Windows® Operating System
Product Version 10.0.19041.1

File Traits

  • 2+ executable sections
  • dll
  • x86

Block Information

Total Blocks: 566
Potentially Malicious Blocks: 138
Whitelisted Blocks: 427
Unknown Blocks: 1

Visual Map

0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x 0 0 x x x x x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x x 0 x 0 0 x x x x x x x 0 0 0 x x x x 0 0 x 0 0 x x x x x 0 x x x 0 x 0 x x x x x x x x x x 0 x 0 x ? x 0 0 0 x x x 0 x 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 x x x 0 0 x x x x 0 0 x 0 x 0 0 0 0 0 0 1 0 0 1 0 0 0 1 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • ShellcodeRunner.BE

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f752d029b222ef8a29e0291925156e7954c089e1_0000125456.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2153a81d1e65c4f7ebcd6ee416172facdf40ac24_0000188944.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\89e34489ff9a98e98b6924be9a782f5132ce4a67_0000188944.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8541b1f113269fb34e8310d7a3bb5faac9290f96_0000188944.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6dabba91444544b014dd8b8682f6abf04d0d040a_0000125456.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1b289cbf98f419b094e40a47cef588ef80c216b6_0000125456.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7d3b31676ccbacaf2cc43dba08235ecfe70dcd79_0000188944.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2bd507889e9c70145819ae7315b2fe68d6b752a3_0000125456.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\70018c0f854e79832343ca6594efd8dc6ab82808_0000125456.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\298d9da4d7495e2c0a2fb45ce63a1736b3260636_0000125456.,LiQMAxHB

Trending

Most Viewed

Loading...