Virus.DelfInject.gen!AU

By CagedTech in Viruses

Threat Scorecard

Popularity Rank:	307
Threat Level:	10 % (Normal)
Infected Computers:	75,074

First Seen:	May 7, 2013
Last Seen:	February 7, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Panda	W32/ButterflyBot.A.worm
AVG	Dropper.Generic.AVIZ
Fortinet	W32/Injector.fam!tr
Ikarus	Trojan.Injector
AhnLab-V3	Win-Trojan/Buzus.88064.Q
Microsoft	VirTool:Win32/DelfInject.gen!AU
eTrust-Vet	Win32/Rimecud.AF
Sophos	Mal/EncPK-LL
McAfee-GW-Edition	Heuristic.LooksLike.Win32.Suspicious.C
AntiVir	TR/Spy.Gen
F-Secure	Trojan:W32/DelfInject.gen!D
Comodo	Worm.Win32.Peerfrag.BP0
BitDefender	Trojan.Inject.Delf.E
Kaspersky	Trojan.Win32.Buzus.fhsu
ClamAV	Trojan.Buzus-5397

SpyHunter Detects & Remove Virus.DelfInject.gen!AU

File System Details

Virus.DelfInject.gen!AU may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	msimfo32.exe	1801b37752cb751ac4b6d8fe7d6acd12	2
Name: msimfo32.exe MD5: 1801b37752cb751ac4b6d8fe7d6acd12 Size: 88.06 KB (88064 bytes) Detections: 2 Type: Executable File Path: C:\RECYCLER\S-1-5-21-6235212095-7412704869-181541659-8761 Group: Malware file Last Updated: May 8, 2013

Analysis Report

General information

Family Name:	PUP.DllInject
Signature status:	No Signature

Known Samples

MD5: 7c64deb5e358dfe7f13f0c4c5ab66494

SHA1: 6869f8c404050205ab2bfb214516bb7bae82cbd6

File Size: 108.05 KB, 108052 bytes

MD5: 07b31ae4d514518885def22c93c63622

SHA1: 6751ac88cdd61392b23f340278b23a70256cff2e

File Size: 8.93 MB, 8933376 bytes

MD5: 56292b0399f931a663c74d2970f43df2

SHA1: dd0df2e569c2456f797ef8b40d5390df15f4c3dd

File Size: 536.58 KB, 536576 bytes

MD5: 1e9f81a2c7e1dd6d91f2c328ff6bcd10

SHA1: 8bba07580284b35324988875f98d22e33c9fb872

File Size: 34.30 KB, 34304 bytes

MD5: bafcbf8ade3ad4803c53ea643cd77902

SHA1: c1c51eebb80f21dfa63299fdcc2714d8d86e7c8e

File Size: 115.20 KB, 115200 bytes

MD5: 81248d2b70e4db8a605e30a0e4e42621

SHA1: 40448f7c82220f59537a7f7fc8d649e6c8670482

File Size: 108.05 KB, 108052 bytes

MD5: 5119923f77b593e333601cd0ed00fa94

SHA1: 5634c751555bc94a5c291d57d636deae3a870b82

SHA256: F34CA85AE7B15FB7966A536B6F3711F1E3D2D692F1979394E9DD0B1224CFABBC

File Size: 93.18 KB, 93184 bytes

MD5: f5cf0207f3868a6d14b66072bada310f

SHA1: d8c020daf09518c69231414df2c7135b3ab42d81

SHA256: 126B0B896146825689A15693A5CA6454F352397077AD4EDDC3E2B72FBAB16E3F

File Size: 14.34 KB, 14336 bytes

MD5: 11e2c865761032eb777a05e7361b0949

SHA1: 4f400cc5ba8c629257e5ee9e36bdcdf48fe5e099

SHA256: 66D373E36A0F32E7680135FCA72F2D8CBC12E81BC3376C12A533DB30200748A3

File Size: 13.31 KB, 13312 bytes

MD5: 00e54eaa234126f7fbb568fd429c7c90

SHA1: 9328d376c56f4074d58cdb672718f1d1c7342c44

SHA256: EE3ACFC8FB033304A789A75BA8021A7EFCB0AD2CCEE18230A0C33774F03D69A4

File Size: 26.70 KB, 26696 bytes

MD5: b4fd601e96e7a41a46640295db035ecf

SHA1: f2c568220da96a4fc92b239593e0770ba30d80f9

SHA256: D6DAA1D83906163A7F23808F0E4CF69E4FC50BB44ACBDACD1C096784F941E06A

File Size: 5.37 MB, 5365248 bytes

MD5: 0fa91a991f160ab2275ba6b6d0512ff1

SHA1: 7bd1054a08a0f47757b5682b6aa298196a73ed96

SHA256: EA61E0F8D4AC612DA30F1F3B57D90EDD188C29877D54574B67A60610A0900D73

File Size: 23.55 KB, 23552 bytes

MD5: 2cdbb700401a914ba45d5250ae1383c7

SHA1: 9d953ec868db4ed5686b0bbc1334c657b8fdde9c

SHA256: 93EEDBD2029B29ECBD9B8767998C7978E135F70CB4711679CC28B8374BF7E67B

File Size: 9.73 KB, 9728 bytes

MD5: a1da8c6b0b39c5cf83ee666931c90434

SHA1: 28d955d71b8cd5e74bc8919fcda226bd0799b0a4

SHA256: ED00CDB8C694DB8F42BFF47FC5A1B158DADA245B875539847CFF1B97FE907BCC

File Size: 59.39 KB, 59392 bytes

MD5: 0085fa43c6eebf59157932371f8cc923

SHA1: 65863c9f134acd11b4d52ff0521dbc8476533a39

SHA256: 26DA02B9C4D65B8F2D6596972630394DA4E862787E1F874642E6951D82DE26CF

File Size: 14.34 KB, 14336 bytes

MD5: be27cca6942b592c59f5eeee0755cfec

SHA1: f658d1f18b7a7a032eeaa1c9bee072b4583bb6d0

SHA256: 2FEE79EDC8A64E85C61BDF1902BC856F35717085A7D044E8D6238D5F30F6DA0C

File Size: 52.22 KB, 52224 bytes

MD5: 74e8031854c44fc857c98139cfb87b34

SHA1: 5ebe1bbdcabca75a469d44c3ca8bf8f6a095a175

SHA256: 0096799CF28A7BB937A54F102D5B57CC35871EB8E08CC69008AEDDA21A1ADF26

File Size: 252.42 KB, 252416 bytes

MD5: c44b5f2c32019eb1d23327ba7eae5a43

SHA1: 26c9feee27d3a25eb4109fa0ecb798fadb03a8f7

SHA256: 9A14B09639F7296707AF6EB5CAB03A0F1023ECF3BCCE286D47FC6E5F7C0D8765

File Size: 93.70 KB, 93696 bytes

MD5: 02bdf096562b4f2304d959cc9b457a0e

SHA1: 4de83ca8986188b08c4b3d57b7d4076e89e95e61

SHA256: 12B036A65641FEE2386FC1398CBCBF00C04A5EDA740139305B3BBA64177D280D

File Size: 247.30 KB, 247296 bytes

MD5: 687a8b52c75aec6f820ed19ce662f2a7

SHA1: c2a9a614dd2509de4a908d8e6bfccd238b889aa1

SHA256: BE1A6F9959C725ABBED3147ECF10929409D7FCBA1766F52BBD6E0C4F915095AF

File Size: 29.34 KB, 29344 bytes

MD5: 2e7d767101aef83b4568339fec2c5fc6

SHA1: cff34e7b94a0b4ad1b73efb107bc0fdffd5c7f68

SHA256: 9824CE74F0D0E782C89C079726C821D873919723B7FA7139DF37AD8E9D2B1803

File Size: 7.17 KB, 7168 bytes

MD5: 7454b5a31af9b6c3ab794edb96a273c5

SHA1: b6c6a11337919b48cbd58cf31c65085ff90e571b

SHA256: F4C27C27DFB94876C75F9AE0D76DC4EC88EAC22311E0E94E9B2A3C022F0C3F90

File Size: 26.70 KB, 26696 bytes

MD5: 72e0c734fd6786067c012ade6bd2fcf2

SHA1: 17a49e5d562310fb1cf5ca1fb9886ca5f2b12c36

SHA256: EA4B79F6D7C1AED5E8692F9A0C09490054F7E7F7BC7D368AADD6A75647351224

File Size: 991.23 KB, 991232 bytes

MD5: 9eed9bfcf3e95d813ea1b0caf7a0134d

SHA1: f86a496e6ae29a6e9ac2a7633ea4d17563fc15c0

SHA256: FA9A9FDF4BC981D538F36D3BDE8114433885C5C21B9402A6B549B98EF0F5AF31

File Size: 108.05 KB, 108052 bytes

MD5: 6cf1754e8ad524e05966f34d1860a4d6

SHA1: 99b67cb1aa95abd741945e880b75232890bd8dcc

SHA256: E5102A296C43F89D951F0ACDC0A24967790549174138350CA52CF5AB9CC98D6E

File Size: 108.05 KB, 108050 bytes

MD5: 71a6c295888c639a8b0841898be27d17

SHA1: d1798297de122f69b0462d4221e6ba2aa65bbece

SHA256: 70A399C0E94C16555AF6F5F2B81FE0B97E21DF66501BA2D9946AC8D8524A0876

File Size: 51.20 KB, 51200 bytes

MD5: 4426f62f7e0a363b9cbe3541e8bd21e3

SHA1: e156937e56b067cc1d03511bd01ccba6d238f8e4

SHA256: BB094EBB508F157E4ECF848C9BA869485EE54BE571133FE857A49B78430A4BF6

File Size: 4.71 MB, 4709392 bytes

MD5: 4e58a5e71a1e941523af33c4b0284b58

SHA1: 26906ecfcc71911a89740f4fbee7df5ea2e6734f

SHA256: 4E5A107C2BF5C0163790D8F9AF0A4361A039A4222E0EB4B3788153A9EF3E78BA

File Size: 167.94 KB, 167936 bytes

MD5: 6ee8a77c909c124a921ce0afabfd3430

SHA1: bf1eaeecd842a11cebe7698f13949eed60619ab1

SHA256: FBEA74832BBCC54D795995331094902D87E97CB830274FB4C9CE6E6BDE699B06

File Size: 8.06 MB, 8062480 bytes

MD5: eba20b6754ff14e78c32cae1211fe3e0

SHA1: b16d73ec59ce768659ed3e849d88e3d9a852d71e

SHA256: A584F556C34363975990087D0BC853E79C27DE8B04EE1ECD082EAE14B1D76273

File Size: 742.40 KB, 742400 bytes

MD5: a12362172e8909086c1642cfa88edc33

SHA1: 9f557bea605e6ced2eba01af98931fb337d43e41

SHA256: 6E94852BB7CF4FF81AC2CED4BB03A0607B514A0CE8BB5BD2A1E1A75E9B7A88F1

File Size: 404.99 KB, 404992 bytes

MD5: fdc7ce848b5c218ee14d1c98abd9ead2

SHA1: 32bb674201bf51c9010ab627c365168541f6beae

SHA256: 6B592E1D35D65CDE9121E26F6CAD945A4EF56B03818D4F25F2F5BB9AE5F5877C

File Size: 108.05 KB, 108050 bytes

MD5: 121f78e291dc5ccf261665172384df50

SHA1: 96250c5a72607fed9e52995432cb50bd34cbd036

SHA256: EFF86357078B33CBC3496E3E38574C4C129A9DDB65F2EDA929F582D5036F2D3A

File Size: 819.20 KB, 819200 bytes

MD5: 1bbfb81b0ad5558a15a258712a5b6fc0

SHA1: 0ccfa178a5e3e75ceb5ad0491e4d32f78a72b947

SHA256: 86C9102A8E0F5051F84AF12199F6CB452C560488D86AEF8832EF30A67D1C9CB7

File Size: 700.93 KB, 700928 bytes

MD5: 27b4df10699bd452b1fec1414f4e99c1

SHA1: 47215af3ddc9f7532ca7af561faf9ab2600fe121

SHA256: 295B63A58E72CB5288E193C2429B73DAA8D57497D65802C95150367183D2FCF1

File Size: 1.97 MB, 1967616 bytes

MD5: 88f3fedd3111f7d4ea4718c6012bad04

SHA1: 4202f805e0c71ce7108193368ce704d75c508858

SHA256: 2B6AADD6F9C9F76C0EA36D9D2280CF5335A5B8E172DFCD715A94DF66D930BE6D

File Size: 29.34 KB, 29344 bytes

MD5: 361810b5ce1465a232d7942af83a9b19

SHA1: f2654b611c93efc94cff2a1394a523d7cb0a9406

SHA256: D7C5532C6F3D34EBC88CA3FC85B6FF8A9FEF4A26A0EA0EF845FD15B6712C74D1

File Size: 23.55 KB, 23552 bytes

MD5: 0169a7c688d4d5dfc58857ccd8128619

SHA1: 9d0f5a25fe50f1a996b247bed09b8105ee541363

SHA256: 86EB4283D0E40D1CADEAC071E1FAC19075A7A23F1DDED555888B0CF90BDB2559

File Size: 12.83 KB, 12832 bytes

MD5: 37194618c66cecf79980691866943ecc

SHA1: eacbe21c98355dbc540ab5f8cd3abd8c18f697fd

SHA256: 5C17B5EA6238C0CCDC696EBBFAAA88170D7C848D98E732483AE33FD3C8BF08DC

File Size: 1.30 MB, 1297920 bytes

MD5: e9dee8392fb448bf1f55f3bf20df5144

SHA1: dfa967a02b2c9fb7dcb3177c91673e8cb3d59c4d

SHA256: EFA80B62F6024AE1CECD21FA473EC9E2DA8C39283339B5D5A9595CCEE9B1BE37

File Size: 3.38 MB, 3377664 bytes

MD5: 6eec0b9bba6e48c0851d1f4c935c697f

SHA1: f78f80516308c83ce6bd4ad5196d77e032c6366e

SHA256: 16C10D75362618AEBC8F1B5FA3F5FC2F3AE9A012055DE9F8F8C8311E6B36C262

File Size: 1.23 MB, 1225728 bytes

MD5: 684fabc730e7232ecddcf1e1063cbff5

SHA1: bd377cfeb5d76603ace5ffab98610f27da3c4102

SHA256: 71202BD44842496B512DD6DC99C918A7BEAB0CA98CC6F4EB69123AAA6033ECBB

File Size: 188.42 KB, 188416 bytes

MD5: 3495ce175e383ec73b6ad1fa768c3fab

SHA1: 7d9fa692992b01c4d1edd35078ee2955a2c6d687

SHA256: 5C65AFA291B53D306309EF985605F02982557BA9EC5298CFCB13D084216691D4

File Size: 23.55 KB, 23552 bytes

MD5: a914ea1b43bcba783ea840a4384eb973

SHA1: 46383ecd54494b5255f8ae71f9bc618bcb77ae30

SHA256: 64BCEFDB486BE4B33633C3F3586D19B77E4F0A9D654E1977D4EFE8192C656393

File Size: 1.47 MB, 1472512 bytes

MD5: 918839052a904dd5b6d2b5c898b7b6e6

SHA1: 2dc78c80762b95c6fa2a83b313931f9435e064b1

SHA256: 492EE2F48FDFFF37D7D18E23BBDB3FABB15D11205425332C900C0C5492BA61DC

File Size: 633.86 KB, 633856 bytes

MD5: 0a2d554c53b7104316734fbba7694892

SHA1: bed8f092e72e28424b4cb9fe77a13312ebf955bf

SHA256: ACE53968AFEB384D77299E384F839F27192E1DD5B23D9B08366026098F6B33E4

File Size: 23.55 KB, 23552 bytes

MD5: 9483334f84f982db2a1a507f86a22b98

SHA1: 02ea43dfd81f2a9aa02b55d3a233255ba90f7bda

SHA256: 378DAB13C07B939943F2B8C19FADC3DBD6874910CDAEC8BE4E9A7FC966D13657

File Size: 108.05 KB, 108050 bytes

MD5: ff50a25e45e5ed42186d394ef453f21d

SHA1: 33cac4fc3614233cb83fc1d92641cf5b0bc5cfac

SHA256: 3B1FEB3F462F920717252EDB4C5D352ACEF9FED60571392CF112FA39B1CE7555

File Size: 23.55 KB, 23552 bytes

MD5: c21c8349558abf97c033a36f1bc7279e

SHA1: a21e4ddb02af117b57987ab54c4629b941c3f136

SHA256: 0F8AD061C3E9391B8E81AAE9ACF17FB014A70CEDFB9D3536045BC8644E65D25D

File Size: 611.33 KB, 611328 bytes

MD5: 0fde20af32c04081ec45934d560cbfac

SHA1: 13898bb5378ee084ffd3ff2ee1be4a829bcdb0ba

SHA256: 8E50786AECD68694CFB616B8B283871EEC9FC5DB7074211FA42D936E84C56719

File Size: 14.34 KB, 14336 bytes

MD5: 475fb392d2956aea2c3046d5985eea5b

SHA1: 930eb80590d99924c48fb8e7b9b855aa554a2774

SHA256: BF96E0C7E1B9591F6EF0EC3243B765BA1ACBB2EB6D2BDB47D9569A16EAE6F270

File Size: 2.77 MB, 2768896 bytes

MD5: dbd8ce5adbe80a05d5ab29923afabd25

SHA1: ba1a9f8523367b934321b6d9f61c45fbd2f0b372

SHA256: 077A223EB99D15A9E185DBA313FB654C28EEA9FFE5B25A6CC837CEEF3B16889A

File Size: 108.05 KB, 108052 bytes

MD5: 1e00f7893acda3f915e82a1bcf247364

SHA1: 34f2899a6111707208beea223785f92f133de36b

SHA256: 3F0C1BCD5A5583A7D15691C6CA8AF135704FA4D32A132E744F70B907D85D955F

File Size: 108.05 KB, 108050 bytes

MD5: 6b5de704dd5d513564430119c6c18854

SHA1: ee5e5d1e49d8661aed8e7ff2a259745c6044574a

SHA256: D46606DC0C0FB777659980D1938C6653952055DCA0F080FA82CC7A4DF66735D7

File Size: 23.55 KB, 23552 bytes

MD5: f2f78158d569148a0c30494593ad658c

SHA1: bbd8669de12aa5d1d3159a1ee9064f065f1c7032

SHA256: BBD4036AE64436D830985A21273F746606C92B6E420CD399C0F581777D5EB988

File Size: 51.20 KB, 51200 bytes

MD5: 8c59024c92d2cd40bc80d3d9a9ca67b9

SHA1: baae7c87920708b79ffb88ae1b45bd1636c8190f

SHA256: 54615663C2A479573257868DD0A4C6B428337AF2781002C0A86DAF6139C186DE

File Size: 38.25 KB, 38248 bytes

MD5: 39f36a45d265f796437bc2d26242886c

SHA1: 18329eeea35f4ede86d043faf4b16775a0c1c8cc

SHA256: 33967B0A2AD7FBF9C4E6B64EF28678AC234D13BFD13A92DC7ED0838A89E6C094

File Size: 39.42 KB, 39424 bytes

MD5: c4156dde767014088deaf6faba6d121d

SHA1: 08f38e36151a03f9d5c64f7600b7780a6899dd7d

SHA256: 61AB71644D9276658A5CD6117C392C53A52098881B285828F3A96725F847E7CB

File Size: 508.42 KB, 508416 bytes

MD5: 8014fa7e3b7ebd12acd43f05ef2e3c3d

SHA1: 306cb8b2ce4e076125b758d8f1221c9d46a90456

SHA256: AE2974EEADA41DB46D4FFC3BE35762C3D48E492EC7F7F348FC2AFECF4F079E7D

File Size: 233.47 KB, 233472 bytes

MD5: e90b39208d0b6ea24a29038dbf54066a

SHA1: 28844ce507235efb2dd1b4a43100a65d24c22bf4

SHA256: A3AF2993113CE9678E716DCE6AFB33118248DEFBCDDFB53D758E629CC374147F

File Size: 502.27 KB, 502272 bytes

MD5: eb415648264bbfb670baac6703bbfdb2

SHA1: b06fb6e4451ee9911a54e24a93640c13ee659be4

SHA256: 612EED929E109C0639C90A58B278F91081EDD2DDA11B3BA2FE61A88F931C5344

File Size: 23.55 KB, 23552 bytes

MD5: f788b4af322275ade1819d9e24c2cf2d

SHA1: 18f54d5a987c60506112f779f6953b44c3625fff

SHA256: E5278DDF4D0BFE02D01E1B644C90220121ED7021514FFFC2F68592D58DEC402E

File Size: 633.86 KB, 633856 bytes

MD5: de225b93a7bbffbbe16bc5511cf24156

SHA1: b5a414cc36aad09aed9fe58619101fb0d3290e52

SHA256: FBD7948AC130BD67D63F752C12027160005293E7CCFE0D77B9B14B079D1B7DFA

File Size: 8.19 MB, 8193923 bytes

MD5: 2d08b28bf20bd5858ea26ae2946297e4

SHA1: a2d149e43cda3fc57adc95fc03b7f8c7b4e163a0

SHA256: 033F5DFE0C2D250CB8AF60B85FB866DB108D087875261815F236545772C4DF70

File Size: 281.60 KB, 281600 bytes

MD5: a53db7c90b8d519de3c92ed381ec66ed

SHA1: 138a43e7cfa2af71b4ba75c2f2e2b6c12eaa1604

SHA256: 6ACD7A8657674A4AC16AE377DEB6BD3E649AD31A3CDF6F172269CF84773E5448

File Size: 29.74 KB, 29744 bytes

MD5: 7565fedf6272af8caf9e2834f9c86f4d

SHA1: c87dc8a2f00dc8b559cb7c3bee46f070b2badffd

SHA256: F4B58CBDD3EF532F3A59DCE1B2A12BD6DB95764C2C9BFCAF31E35FDA91823521

File Size: 23.55 KB, 23552 bytes

MD5: e5f5b58b90798703864f1a84b6cffbcc

SHA1: c1640c57e066de59927df459a308bb83dda55b97

SHA256: CE13A73FD9040F6E8B25F587B3A554D1E6A254C5EE5EAE2F5B6A63F1CB4FBD9F

File Size: 61.95 KB, 61952 bytes

MD5: 5f8f154a4ff4875c709e220d63bc1b8d

SHA1: 5eabe1ed731fdb76e0ce9238a52f721e7dd658ab

SHA256: 8376CF8CBC5BA894936CC7F43F4256D728EE3AFBFD78B54109962926B3F1697C

File Size: 23.55 KB, 23552 bytes

MD5: 08d74fc03a030c50adbbbaf4274d3ca2

SHA1: efd8c91be92f7af6d6dfdeb2cb1b0823bb32c3dd

SHA256: EE9EB80E8D197523FC20D137EEDBD35A7D975E0322D6ED2D959D260A2F0AB1D5

File Size: 121.86 KB, 121856 bytes

MD5: e106cd93091a83dca02279f760c085ed

SHA1: b49e04283126b2b33cea79017621860ee726be2c

SHA256: 47E24C479CEEF89C417E432D8CDC7E31E9784092B8038853E6439B326D91B54C

File Size: 19.46 KB, 19456 bytes

MD5: cabb3e064462a98314681655714268c4

SHA1: 67701764f1e0284046c722a5eb7533a0a0591801

SHA256: 3EF4AC72AA2473B7638F90A73A0934EDF4BF77839037420901D8A66DC52FECED

File Size: 86.53 KB, 86528 bytes

MD5: 853c433018033459e2d4099e7e46d1ff

SHA1: 4060393e9ab50f48d5cd6590face70aa249bfaa5

SHA256: 12318BF8B47BF7F61AAEBA5FD63165430F67716B2E4EB9B71E42C3FB1142327E

File Size: 1.19 MB, 1191424 bytes

MD5: e6884f8f1cd62e5a62f2a8e4e8e5793c

SHA1: 2a800ceca43f2cd32984d5308da2fd3e017722e8

SHA256: 246AA353875960BB2D0B4AF622EE3AD78C0C797F57C0911529965F336B6BE04C

File Size: 653.31 KB, 653312 bytes

MD5: c55cee2e91fc8488fa9ad875946af3f2

SHA1: 35fc8a73db59a8c8c2762015cc0a1d82ca6af810

SHA256: 3561FAF5946B74C896381895DC07687A4116550A43733DD7A3996C3D5D019631

File Size: 908.80 KB, 908800 bytes

MD5: ce8dcdcf411b226693030343a402802a

SHA1: 8aa8c8dcbb2b23e17204ea81adb9d8b9b701bc4c

SHA256: 3D5450402923F0011389365EE781E75916616D3F9475876B1D29B9B1CD617B14

File Size: 1.26 MB, 1255281 bytes

MD5: 45233c61c89816b3ca1d7497e92743a5

SHA1: d8660d6889e0d4c5f34c80405f9af40128358cee

SHA256: 5A73E1751F691405A530884EF0C8E0086D2DF0F9AACD999453D360CEA28B5D48

File Size: 627.71 KB, 627712 bytes

MD5: 0c989c890c8e3b2775d3f8790a2dc074

SHA1: 82d5914ab676dfdc1df3188d94d58f93f91a01e2

SHA256: 31AD81102713CD8943C833CBBC8BA958297C413F2F4B4A676ECE84B1A02949AA

File Size: 25.60 KB, 25600 bytes

MD5: b15ab7bbb5dea2aa8ad5237354f29fad

SHA1: 87ebabf4b7f56251cfbf4f345cff0039d3c8e1a9

SHA256: 4C59F00CBFB8024FAA951D8473FCDFACCC06AA315E7F888D400AFF661466EFA1

File Size: 140.80 KB, 140800 bytes

MD5: 1a479a63796b760ad784666f42ebb98f

SHA1: 8d400b039974baf7244e94264a5217f28f72eb05

SHA256: 6174547BBB0DB585276EAB88FBD660CE3924B6BB5D63E1BA789C02AE083DEDB4

File Size: 37.38 KB, 37376 bytes

MD5: ad00404f4cb2dc17159d2b0fdff31018

SHA1: 093a5e71c4a1f03f87826f1d6293672b401c269c

SHA256: C2BF4A435E834489F041DFD0C7954DBCC1B6D2F4914E787EBA52FBD5B1CCE657

File Size: 1.72 MB, 1722651 bytes

MD5: a8ad93566df775afefd80dc31edf7b9e

SHA1: 9e8d897c715f3cad993c1b7f99240a8845a4b902

SHA256: B5AF4B8E5900E272784454B594FE3AB49EB2FEDE8FF8A5842176D14AC0DDDA71

File Size: 2.30 MB, 2300416 bytes

MD5: 2aed9e61dab35442bd4b8603f3c7c404

SHA1: 9b522d14ff2761c6762e16923ccd7064aae467bd

SHA256: 28ECE5A821A48211A4D38F747903363CF293F9CF0BBDDA0E30BE62C040CD59AC

File Size: 827.90 KB, 827904 bytes

MD5: 90c95495998e704dbd64148b2dbfc792

SHA1: ae440440edf275d5bc38507238581e6dd0b9f368

SHA256: 9C850A5F331EDD2C24182C6388DA727F520CA1F58D93F21735248FABD05FA8BE

File Size: 9.99 MB, 9986560 bytes

MD5: 3773b33c06346a1ed4d15b1d80d4911f

SHA1: 7e9669b2774412ea49be9b282043c0d6996cdd89

SHA256: 3F9F21334001E1DA928A04C6C1BC30BE6A61B67C7C02BF57BB510ADC375E6D3D

File Size: 392.19 KB, 392192 bytes

MD5: 5b964e9e7f97232738e46b11f874646e

SHA1: f3246373f212ad033bcdf826403ee0a4416022dd

SHA256: F40FCC35DCB2F236130F981895743317EE7AC2E7088F77B697C93E2A53B84524

File Size: 79.36 KB, 79360 bytes

MD5: 33319f06bf60b634cf7b3c8080e98e58

SHA1: 3398d87062690ece3be646ede88362a6da895441

SHA256: 94B396990426050BFEBC6FAA620BF1CFE000216571E7E6184C1D04033346A20B

File Size: 760.83 KB, 760832 bytes

MD5: ddd55f74c87f23125117febe9edc7958

SHA1: 37b1a449296e2f419db9a9409701d1e3e5ee146e

SHA256: 0C8E347CC63173A52AA0BE50819968B8729B8952F6DB7E9ED00BAC29EB603CCD

File Size: 462.85 KB, 462848 bytes

MD5: b9037c333e7da3fd1b53dbc1afd8238e

SHA1: 2ba2ae2fd85443b9d5a846787b65abbbb7734b80

SHA256: 7C23396F1501119EDD5C444782A88CE20D53C6B56AD5D41C440FDEFA8EDB118E

File Size: 8.64 MB, 8642560 bytes

MD5: 6687b0f32dfef40256885d777b37a402

SHA1: aade07d89e03394ed3f91346a8e9a2c594e8898c

SHA256: 2B600FF331D90017E6B3C82D8E78A5EB45993FB9CABA03A0C695AD52DDF14329

File Size: 913.41 KB, 913408 bytes

MD5: 2cb53c2e3eed16d32cf1a4b8eef3339d

SHA1: 52393a06487722fa5edd58ba338a7da6baa4603c

SHA256: 36C347FE44DFEE33210F3F04688B2DE35AA30BF49B1981D7C4E81EFF02ACCD34

File Size: 166.91 KB, 166912 bytes

MD5: 0f6a171a3dc65832ad9794680da9bffd

SHA1: 7cddf6a1657a71e1c7bf72a7c8bb498f2f9ae779

SHA256: 738682B2F894AE1C6F8F6EBFAC70E3C2E75FD43EA0FCDE840BEA938A414978B3

File Size: 72.19 KB, 72192 bytes

MD5: cfb02d6b9ad62e58c47c8c5553540bcb

SHA1: 5eabdb8065779a57b789bea1cb45c38fda5d0648

SHA256: EF0DC496FD59A74EA1B6C03D0A4D585387F642911A2C419F1EA57C1BAE58271B

File Size: 14.34 KB, 14336 bytes

MD5: b96e4e4466b04437fc7875559ccf1983

SHA1: 08fd136f59b0822de87a00c293fad19459ee8819

SHA256: 6F0E80E6F0DDAA5F8CDED576D7F60413D0D59D3AF6DFBF1637F383276B32BD13

File Size: 24.06 KB, 24064 bytes

MD5: 325222495c4ff0e649253ca049c7373b

SHA1: 250d96b127dc35df864c10428ccde4d333a6d460

SHA256: FF4FA8328E67B91EBD2BA3939C767F6239B812DC291053480CEBEEA862A14714

File Size: 142.34 KB, 142336 bytes

MD5: 184b92c4ffb5a8ff98454f7f08ab4c88

SHA1: 811768d4c62f2470aa69cfa5862073678063e278

SHA256: 9A951FE3120BF9CB37A41EFB0EF3EE518969311223762DF1BD7BC7B60ACB4214

File Size: 1.29 MB, 1288704 bytes

MD5: 615a6a863a2f8876a1b55b09f5363a03

SHA1: 633bc80660f1028db325904510f76a319662f7cc

SHA256: 30A4960BB8257C7B1FF756D42B498A495179493ADBD2591752C07FD0BFC2E509

File Size: 7.31 MB, 7308288 bytes

MD5: 15cc96d4232dbe028bbcd284b51ab0e2

SHA1: a8d43129e97e37122e4ad3acec6e83b8ae7001bc

SHA256: 6BE550CECBA07200C0BC01A44EBCA07C41942201D47100C81514FECF205A366B

File Size: 537.09 KB, 537088 bytes

MD5: 1545b7d30320510d1f1c8214c1e97055

SHA1: 9f765b7139837aa74e2b0cc662b450f8cd89c92c

SHA256: EEB76A4E70507E6F72E7F3AEF279C6FA0550F30A043DBA8B6BAF474D355030D5

File Size: 645.63 KB, 645632 bytes

MD5: fb11d23972e1cccfba65afc9642d3e5a

SHA1: a495907e8f1649fb12d21e5c25c4db1af979d46a

SHA256: 71EB0A72735A647669638926EC0307702E9858E80039929384B24FAD0A2988F7

File Size: 23.55 KB, 23552 bytes

MD5: a7a2b080d25b2c2c28d835fbe7347147

SHA1: 465652c26ae0d433810c381c146a3a6218dcd7df

SHA256: 79B19B60E7B76ADBE214761F334C70958EB65099F04D1CAFB9F97691B3BEF4F5

File Size: 1.03 MB, 1028096 bytes

MD5: 9fd892fe10e253b149d4b96c700a6ba9

SHA1: 1db618992b151f1ab127c6d303543b22f93b5c3b

SHA256: 553ECC6E1B264DB2BA79A22E30C10E44C6720EBB5A6D02E3503BDBBD3CF731B6

File Size: 353.21 KB, 353211 bytes

MD5: d40d045ead33a2da7c060a0bc11edf26

SHA1: 8b801167b68fc7127915f62ddb2ae162e8397b2c

SHA256: 42A32E85CD3EEF914CCA0859A1DED1E08D04712307343908526DB865D5201727

File Size: 157.73 KB, 157734 bytes

MD5: 46390c1fa50d94ffa64b8ad6458a830e

SHA1: 2bc7893427f9211adbb15ab7f289be527e69c269

SHA256: 14AE2D0002EDF39A5C2737B4C5378EBEFC76E88B0BD3B9ADA3EB656D0A2EA2CB

File Size: 2.11 MB, 2109440 bytes

MD5: 066ed450d496210504d4b9dd55e9ffb4

SHA1: 0f05c87ad9d3f66c22b36e30689bbc122fa917b5

SHA256: 516685FC95272C87108F1008B412C5EBC2B13C850E8C90E46B26FCB98042A014

File Size: 76.80 KB, 76800 bytes

MD5: 286f294bfb964a10b51e579f5179d75b

SHA1: 0b93203aac89eedffea127ce431ed4eb807389bd

SHA256: 3861C26E9C7543F87BCB893296174C0B15C6406130CBE58159BC4B30EFE53491

File Size: 7.73 MB, 7728128 bytes

MD5: 6e68e6eaed109b17bca55d6343eee55a

SHA1: 24d2d8324cec5e4a0860efc7326050ba2741091d

SHA256: 9C51978E156C991EDEDDFB29456E25649674B56B6D2BF2AB7CAEC2CA8F0FA9A9

File Size: 43.01 KB, 43008 bytes

MD5: d6114228e293ff51cf3b80ebbb426516

SHA1: 7e9ec3b493b05bf50fbc6ed99e95eed2fb29cbc7

SHA256: 5A0267438057E2F28F99B556EA44D30D1CA3340B891E0B142173F6023C60D077

File Size: 26.70 KB, 26696 bytes

MD5: 50f03ab7cdd6d8c18f312caa75f27cc5

SHA1: 0b2bdb310939a3af5a7c0597b109cb272594ebe4

SHA256: 3978124E8CB119066A3DFC61D3AF334C9F9AD50C0A121F97A147700C060ACDB9

File Size: 393.73 KB, 393728 bytes

MD5: ee5ea41fbdc2545741cd27181c8f70d3

SHA1: 4779f7655472e68508a4b56291747e0a7fda2566

SHA256: EF6E637CB8E30B53DB79D63EDFBC459428813E49796929F3600B723126228454

File Size: 602.62 KB, 602624 bytes

MD5: 22d004bda96e03c9463bfa102e2d4cf3

SHA1: aa73b27bf435468224209e2a06c2e8b2e6c9d8ad

SHA256: 13BB95EB2BB897EEDA101B738C7C7DA044CD2169A0551C781290F8EBB2C518A1

File Size: 73.22 KB, 73217 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	3.0.0.0 1.1.5.4 1.0.0.0 0.12.2.0
Comments	A library of utilities for interfacing with classic console games. Data Structures 歪歪加强版注入器
Company Name	acidicoala ʕ •ᴥ•ʔ AotForms F9 Inject Igor Pavlov JN Inject Meta.Core MisterModzZ Injector Nebula launcher PG3DInjector REPX Show More Steam006 Tekkenscript Inc. Tsuda Kageyu VixEector Warp World Inc. 歪歪加强版注入器
File Description	7z SFX 64Inject AotForms Automatic DLL injector ConnectorLib DLLInjector DLLInjectorApp Empowering automation in Tekken development with advanced scripting tools. EraLauncher ESPLINEDLLINJECTOR Show More F9 Inject FNModLauncher JN Inject Launcher LinkNeverDie.Com_Lib Mars Executor Meta.Core MinHook - The Minimalistic API Hook Library for x64/x86 MisterModzZ Injector Nebula launcher Nucleus.Inject PG3DInjector REPX SBMultiLoader SelfBot SkyCoop VixEector wpf zMW3 歪歪加强版注入器
File Version	25.01 11.0.0.0 10.5.0.0 3.0.4 3.0.0.0 1.3.4.0 1.3.3.0 1.2.2.0 1.1.5.4 1.00 Show More 1.0.0.7 1.0.0.0 0.12.2
Internal Name	7z.sfx 64Inject.exe AotForms.dll ConnectorLib.dll DLLInjector DLLInjectorApp.exe EraLauncher.exe ESPLINEDLLINJECTOR.exe F9 Inject.dll FNModLauncher.exe Show More JN Inject.dll Koaloader Launcher.exe LinkNeverDie.Com_Lib.dll Mars Executor.exe Meta.Core.dll MinHookD MisterModzZ Injector.dll Nebula launcher.dll Nucleus.Inject.exe PG3DInjector.dll REPX.dll SBMultiLoader.exe SelfBot.exe SkyCoop.dll TekkenScript.exe TJprojMain VixEector.dll wpf.exe zMW3.exe
Legal Copyright	Copyright (c) 1999-2025 Igor Pavlov Copyright (c) 2009 Tsuda Kageyu. All rights reserved. Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved. Copyright © 2018 Copyright © 2019 Copyright © 2021 Copyright © 2024 Copyright © 2025 Fuck the copyright 🖕 Sizzy and MaTiD, Copyright © 2021 Show More Steam006 © 2024 Tekkenscript Inc. All Rights Reserved. 歪歪加强版注入器
Legal Trademarks	Tsuda Kageyu
Original Filename	7z.sfx.exe 64Inject.exe AotForms.dll ConnectorLib.dll DLLInjector.exe DLLInjectorApp.exe EraLauncher.exe ESPLINEDLLINJECTOR.exe F9 Inject.dll FNModLauncher.exe Show More JN Inject.dll Launcher.exe LinkNeverDie.Com_Lib.dll Mars Executor.exe Meta.Core.dll MisterModzZ Injector.dll Nebula launcher.dll Nucleus.Inject.exe PG3DInjector.dll REPX.dll SBMultiLoader.exe SelfBot.exe SkyCoop.dll TekkenScript.exe TJprojMain.exe version.dll VixEector.dll wpf.exe zMW3.exe
Product Name	7-Zip 64Inject AotForms ConnectorLib DLLInjector DLLInjectorApp EraLauncher ESPLINEDLLINJECTOR F9 Inject FNModLauncher Show More JN Inject Koaloader Launcher LinkNeverDie.Com_Lib Mars Executor Meta.Core MinHook DLL MisterModzZ Injector Nebula launcher Nucleus.Inject PG3DInjector Project1 REPX SBMultiLoader SelfBot SkyCoop TekkenScript VixEector wpf zMW3 歪歪加强版注入器
Product Version	25.01 11.0.0.0 10.5.0.0 3.0.4 3.0.0.0 1.3.4.0 1.3.3.0 1.2.2.0 1.1.5.4 1.00 Show More 1.0.0.7 1.0.0.0 1.0.0+efbd74d75f2b562fdc70558a58a451f5370f6814 1.0.0+3b3794387be5a7c0c155fa310717ade6bf406c97 1.0.0 0.12.2

Digital Signatures

Signer	Root	Status
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Shenzhen Aidapu Network Technology Co.,Ltd.	GlobalSign	Root Not Trusted
Goat Systems Interactive	Goat Systems Interactive	Self Signed

File Traits

.NET
00 section
2+ executable sections
Agile.net
big overlay
CreateThread
dll
Fody
fptable
GetConsoleWindow

HighEntropy
imgui
Installer Manifest
JMC
No Version Info
ntdll
packed
themida
themida section variant
VirtualQueryEx
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	122
Potentially Malicious Blocks:	0
Whitelisted Blocks:	121
Unknown Blocks:	1

Visual Map

0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.FGGF
Agent.KFF
Agent.KFG
Agent.KFRA
Agent.LPV

Brute.DW
ComHijacking.A
Dinwod.E
DllInject.GS
Exploit.X
Gamehack.GSG
Injector.GFDC
Injector.LIA
KGBSpy.A
Kryptik.BBNB
Kryptik.DTGC
MSIL.DllInject.XC
MSIL.Downloader.Agent.BIC
MSIL.Downloader.Agent.BIF
MSIL.Stealer.FGB
MSIL.Tiny.ABA
MSIL.Tiny.AN
MSIL.Tiny.AO
ReverseShell.XE
ReverseShell.XG
RobloxHack.HI
Rozena.UJ
ShellcodeRunner.TU
ShellcodeRunner.XF
Spoofer.L
Spy.KeyLogger.AUA
Trojan.Agent.Gen.ABC
Trojan.Agent.Gen.DB
Trojan.Agent.Gen.EL
Trojan.Agent.Gen.HS
Trojan.Kryptik.Gen.BFV
Trojan.Kryptik.Gen.FA
Trojan.Kryptik.Gen.JF
Trojan.Kryptik.Gen.MR
Trojan.ReverseShell.Gen.J
Trojan.ShellcodeRunner.Gen.AM
Xtreme.B

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.134121920958727830.7152.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_ol52yg5f.qfm.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_uwrd5jha.hbx.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ci0-temp\logo.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ci0-temp\logo.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ci0-temp\rs somnífero.set	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\ci0-temp\rs somnífero.set	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\gert0.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\temp_script.bat	Generic Write,Read Attributes
c:\windows\hdn.dll	Generic Write,Read Attributes
c:\windows\windivert.dll	Generic Write,Read Attributes
c:\windows\windivert64.sys	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꅛ᳞ܕǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	。꾹ँǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	憉鍼ሢǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	韃溜✑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꌰ戓僶ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	瑐쌾懠ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	Ꮏ版框ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	飑僪盵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ㄌ充盵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	뜃㻤瘫ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	룺傁箬ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	143.0.3650.96	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	渆竨ǜ	RegNtPreCreateKey
HKCU\software\coin::data	true	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⭠⼏缭ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	蹫⼑缭ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꟶ민覻ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAllocateReserveObject ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort Show More ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueryWnfStateNameInformation ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData 152 additional items are not displayed above.
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Shell Execute	CreateProcess ShellExecute
Network Urlomon	URLDownloadToFile
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Keyboard Access	GetKeyState

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e156937e56b067cc1d03511bd01ccba6d238f8e4_0004709392.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bf1eaeecd842a11cebe7698f13949eed60619ab1_0008062480.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\baae7c87920708b79ffb88ae1b45bd1636c8190f_0000038248.,LiQMAxHB


							C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c Color 04


							C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c cls


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\82d5914ab676dfdc1df3188d94d58f93f91a01e2_0000025600.,LiQMAxHB


									open https://getprivatenigger


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://getprivatenigger/


									C:\Users\Mfifusxq\AppData\Local\Temp\temp_script.bat


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -Command "Add-MpPreference -ExclusionProcess 'C:\\*'"


									C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c pause


									"java" -version

Virus.DelfInject.gen!AU

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Virus.DelfInject.gen!AU

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed