Extracted

• • Target

    AEPFXFNV.EXE

  • Size

    1.0MB

  • MD5

    3daa66d053bf5aa603c9db0af979d2b7

  • SHA1

    5beb955aef82e5e487b50c3a7ba38ec76d93e760

  • SHA256

    bda842fc1f63fc6ab60f1964cbb4f25e655b92ffa0009d4b9a91f293e9b4f228

  • SHA512

    fd54c4568d7e508ce0b47ed6d71f519608b3e850bac54bba8f3f2dcdfa49fe9cc71caf366ebf089d090c399c25c8c2842fe9c6a1b7b494f1d03cf0b6bb8a91cb

  Score

  10^/10

  bitratmodiloaderpersistencetrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • ModiLoader Second Stage

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2