Extracted

Extracted

• • Target

    Geneforge_4_v1_keymaker_by_ViKiNG.exe

  • Size

    3.4MB

  • MD5

    8d5f03456bef80ecabf57fee9c49bfc5

  • SHA1

    afe5da8d259d648f6cb32eb81afe8a504804bc84

  • SHA256

    af21f2bb9d4f3933b65bfe469eeb5f0bbc50642375564eb471645d995f94e1f8

  • SHA512

    4049273bd945427a376455f90ce744daf8e1d79a66fdc6268e5c177de5f3d541a05a8301bc47cc360a8ede4e8ac11f7a2a8c47fc09c631f4799a39aaae0ade2d

  • SSDEEP

    98304:yUB2l3gv98UZhpBGedkDFK9l4FyK02ZS2WrkpbiZE:XB2yv9RhWGoFOl4bRZRWwZd

  Score

  10^/10

  azorultponycollectiondiscoveryinfostealerratspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2