Extracted

• • Target

    SecuriteInfo.com.W32.AIDetect.malware2.15478.27881

  • Size

    614KB

  • MD5

    453b2f78f4e8e4791eee51b41e6b089d

  • SHA1

    3a27b5cfd0ced45acfad15d2a2abaa43aa003601

  • SHA256

    9af1bf846615baac47c6ca38ea7d960a5fbab1f840d51514ed69ed487c2a599b

  • SHA512

    c3cd664c1bc12e0699555ce7952c6088c92e31c335aefc906418b87344981f5c4cdba0133344fa71bf0f2037ca7768975ad9b06901e99178926a2f0196665e9a

  Score

  10^/10

  arkeiguloaderdefaultdownloaderspywarestealer

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Checks QEMU agent file

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2