General

  • Target: Callzy.exe
  • Size: 66.2MB
  • Sample: 240723-rr1l8svcnj
  • MD5: 3bc9c5473e674f5d584b89646e888b53
  • SHA1: c78be7ba660fd03f0436ef578a83846588bea115
  • SHA256: 69f21bb3c528d9cd9197a73d078a279e48f405b9fa3b73c4dfd43434bb196ff1
  • SHA512: b0267e5d43cd4e37261e93825d99fe20179ed513f0deb16ba4dd48a0b0f3173e6069e78c34cefab17068fc84ff428805094e598b0e02f81f2b98a44a92c99631
  • SSDEEP: 1572864:mTPkJop13yf5kD/HuwbYFGNy13y7acQh90R+2LY35qX:mT3p1QGHuwbOGcy7acQh90R+QY0X

Malware Config

Extracted

  • Family: stealc
  • Botnet: meowsterioland20
  • C2: http://194.116.217.148
  • Attributes
    • url_path: /edf5daf277031dc3.php

Targets

    • Target: Callzy.exe
      Size: 66.2MB
      MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above

    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Stealc
      Stealc is an infostealer written in C++.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Credentials from Password Stores: Credentials from Web Browsers
      Malicious access to, or copying of, the web browser credential store.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Unsecured Credentials: Credentials In Files
      Steals credentials from unsecured files.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Enumerates processes with tasklist
    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/SpiderBanner.dll
      Size: 9KB
      MD5: 17309e33b596ba3a5693b4d3e85cf8d7
      SHA1: 7d361836cf53df42021c7f2b148aec9458818c01
      SHA256: 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
      SHA512: 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
      SSDEEP: 192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
      Score: 3/10

    • Target: $PLUGINSDIR/StdUtils.dll
      Size: 100KB
      MD5: c6a6e03f77c313b267498515488c5740
      SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
      SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
      SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
      SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
      Score: 3/10

    • Target: $PLUGINSDIR/System.dll
      Size: 12KB
      MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
      SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
      SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
      SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
      SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
      Score: 3/10

    • Target: $PLUGINSDIR/app-64.7z
      Size: 65.7MB
      MD5: 3595d642a870de0fbcc822036b5ab3db
      SHA1: 0dec5553aaddb819abebfcf7b7eb47dbd4eab567
      SHA256: e5f95c3c125693bb9593f0df93d28723b6f237db9ecefdc1a0d7ed9f8d6ab792
      SHA512: 562c0ea1686c075ed5bab345d9497455266adff470a7d4f2edd90b378548647c244e5259fed164f4d081ea50bfbe9a2ef1d32f35d0194d4908ece8321c9efa32
      SSDEEP: 1572864:BPkJop13yf5kD/HuwbYFGNy13y7acQh90R+2LY35qa:B3p1QGHuwbOGcy7acQh90R+QY0a
      Score: 3/10

    • Target: LICENSE.electron.txt
      Size: 1KB
      MD5: 4d42118d35941e0f664dddbd83f633c5
      SHA1: 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
      SHA256: 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
      SHA512: 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
      Score: 1/10

    • Target: chrome_100_percent.pak
      Size: 126KB
      MD5: d31f3439e2a3f7bee4ddd26f46a2b83f
      SHA1: c5a26f86eb119ae364c5bf707bebed7e871fc214
      SHA256: 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
      SHA512: aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5
      SSDEEP: 3072:5KzwqCT4waJL2myFhPNL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:5Kzwt4LwmU3K18Gb0OV8ld0GecQ3f2
      Score: 3/10

    • Target: chrome_200_percent.pak
      Size: 175KB
      MD5: 5604b67e3f03ab2741f910a250c91137
      SHA1: a4bb15ac7914c22575f1051a29c448f215fe027f
      SHA256: 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
      SHA512: 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d
      SSDEEP: 3072:+DQYaEQN6AJPRJL2myFhPNafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:+DQYaNN68RwmU0gx5GMRejnbdZnVE6YR
      Score: 3/10

    • Target: icudtl.dat
      Size: 10.0MB
      MD5: 76bef9b8bb32e1e54fe1054c97b84a10
      SHA1: 05dfea2a3afeda799ab01bb7fbce628cacd596f4
      SHA256: 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
      SHA512: 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6
      SSDEEP: 196608:p5zwSv9AAyse6liXUxCGZHa93Whlw6ZCXU0:pyKlysTliXUxCGZHa93Whlw6ZCX1
      Score: 3/10
    • Target: locales/af.pak
      Size: 340KB
      MD5: 198092a7a82efced4d59715bd3e41703
      SHA1: ac3cdfba133330fce825816b2f9579ac240dc176
      SHA256: d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba
      SHA512: 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d
      SSDEEP: 6144:ptbDrUln/WiOvz9P5D4uEmv0XPjC6nAcbaK6pgwwexhsVxS42K6tA3pU5tpwDw44:ptfOOiOvzg/mCPjC6nAcbipgwwePSS4C
      Score: 3/10

    • Target: locales/am.pak
      Size: 551KB
      MD5: 952933d2d388683c91ee7eaa7539e625
      SHA1: 7a0f5a10d7d61c32577c0d027db8c66c27e56c7d
      SHA256: 55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504
      SHA512: 5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d
      SSDEEP: 12288:WcWln6HuPPL8xJTgWHsEaYM5g9yaAVmHukPQyx30jH8+I:WR6YL8xOWHbaYM5g9yaAVmvPQ+
      Score: 3/10

    • Target: locales/ar.pak
      Size: 602KB
      MD5: 98f8a48892b41e64bef135b86f3d4a6c
      SHA1: 32f8d57ec505332f711b9203aed969704bd97bc9
      SHA256: e34d5cabaed4634c672591074057c12947bc9e728004228a9e75f87829f4a48a
      SHA512: 6ed3fe415b2f6de24136917da870b47c653d15c7a561baae55a285946a6f75e5141aba3bc064982f99baef0a893266693864c2d603c5c22c2b95627b2035f7a4
      SSDEEP: 12288:R2adfMtqtWP8QvYUjBLM6kXBz5ANbT+NTgTbMMgSEN7o:R2YBS2H15o+u
      Score: 3/10

    • Target: locales/bg.pak
      Size: 631KB
      MD5: 9dc95c3b9b47cc9fe5a34b2aab2d4d01
      SHA1: bc19494d160e4af6abd0a10c5adbc8114d50a714
      SHA256: fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e
      SHA512: a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46
      SSDEEP: 12288:mEJqOwccalYrdAs1alUx42aVVwslyLKmF/RY3YKN3R5ObDGIV+Jfu64KyzEfSZpR:vqAZlYrdAs1alUmys8lY3YKT6q2Qu6pu
      Score: 3/10

    • Target: locales/bn.pak
      Size: 812KB
      MD5: d6ccc9689654b84bc095cec4f1952cca
      SHA1: 286130971826b0af1b6d29c5283dfa71af7cd7b0
      SHA256: e325d936cd97c3f9ddfca2d87caefb8b6e7465ffa31d0386ae2456b18f7a92da
      SHA512: db0400820c5cd1100337c955084eac3036b55bbf66b403337bec2079bc47696e2e48a771214662b286f4f45f763d2ad423aeccbd0f06cf0bc11038662558f4a5
      SSDEEP: 3072:3V/mYMtWOsmmWlIpRb6rH4kSBbdXWSM5QwXlFE:3wP9sKIpRurHEBbd+5tle
      Score: 3/10

    • Target: locales/ca.pak
      Size: 384KB
      MD5: 2f8d050c228583559cda181291b76e5a
      SHA1: b047f1cfb30b1162b1dd79f7e424a83fd807eec7
      SHA256: e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d
      SHA512: e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f
      SSDEEP: 12288:HQrijIs3cejEYBCqol3nbhj+YbHQluSwWwXcMjdLbpuQRBtryBiGIle3nei30CtX:HPm+thFMNSGhrKU5qzEK
      Score: 3/10

    • Target: locales/cs.pak
      Size: 393KB
      MD5: 26765c7be201444f0238962bb16a506b
      SHA1: f9d4a33795e45127c14bcf35cc770845627e15e8
      SHA256: 936466784a55b965d23b016bc49377655bc5d281d012c8369c0809c961e05c74
      SHA512: 577d52d2d5048cd952aff1e76121a495328c1978cdea2eaa4f85812cc513917f69510e135e96f7967f4ed43cf88e180cb1d9059e17c855c8d4f94ca036730214
      SSDEEP: 6144:qEcblAZYhg7PlAKRM55Z8+U1KN0g588QM:qfJAahgrxM55Z8+UoN0gb
      Score: 3/10

    • Target: locales/da.pak
      Size: 356KB
      MD5: fecabf71853bab84eacdd95699c49f69
      SHA1: 8519afc13e100a550ca3d756518a0bc33674e0d3
      SHA256: 1b0793b1cbeb6a56ff1e64523c37ba753457320aa29f9718022caa07b4981d8f
      SHA512: e932d382d41a79ece172349e916221a67d97f5fd4b2dc1325d6bd2f7c6757cbc01d6fbc8d9846f6ec462eb637210f7c650f6944418edbd3f8614ef99030d9392
      SSDEEP: 6144:tihc7yqxL8DzQ4XwltFJJwRXmN3OOr5xYrUGzOZiY4TWwz:GWyRvLDm/5er3T7
      Score: 3/10

    • Target: locales/de.pak
      Size: 381KB
      MD5: ec069f60c9825080b9d18ff6492e816d
      SHA1: 34ce5101c9646f9c2deb9820a3b26eb91c525ebc
      SHA256: e0f632ce324951002c80e019dd0169be9f6b0640533fa434cd6ca80f28a1d3f7
      SHA512: 95a88ac98f0957e5f200af76c1a743b976228f7da1bb6c6b3b88a54adcff05e1172d7cf2e6f0a82cbc8ad0aa79974a1bc046516250a3a5889fd7b2e4d7c0b804
      SSDEEP: 6144:uASGgzYoRm0c8x+ZaRKcUCYV3rfZ6zhq7mp5/g3nBIRgql:VS3R28oZafGfZ6V5EyRgql
      Score: 3/10

    • Target: locales/el.pak
      Size: 691KB
      MD5: 306a80dadadb1f9182810733269537fd
      SHA1: bc01a65a9d024ec72e613aedc60f4838be798040
      SHA256: 92403b6160e38746597d4dd7f64d64cf19e30b5e7862901263c39679187b2c91
      SHA512: 491016b8fcca59a7dc9523358c4a7b56c55360f424e8fe9330d6f01480835805e961f1e48f8777660510d9af9a66961c639df162190dec595a867d54150eecfc
      SSDEEP: 12288:T9HAquNw2202pgtZqK4qILjJCaP5A3HRnkOY63Tog6sDPfFnxPuUWTT9rk2B0pzg:ZHAquNw2202pgtI/quJCaRA3HRnrY63U
      Score: 3/10

    • Target: locales/en-GB.pak
      Size: 310KB
      MD5: 502260e74b65b96cd93f5e7bf0391157
      SHA1: b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7
      SHA256: 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b
      SHA512: 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690
      SSDEEP: 6144:5QbJ7L0535IBMP9ecDl9bfaYENPQLP56Sbuo:5wseBMZl9qNPA56Syo
      Score: 3/10

    • Target: locales/en-US.pak
      Size: 313KB
      MD5: 3f6f4b2c2f24e3893882cdaa1ccfe1a3
      SHA1: b021cca30e774e0b91ee21b5beb030fea646098f
      SHA256: bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
      SHA512: bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c
      SSDEEP: 6144:SssphRVKuQ+KVMP9elsY4ZfaYe7RqIZ5HS5xswS:JsIvVMNY467Rv5HSPswS
      Score: 3/10

    • Target: locales/es-419.pak
      Size: 380KB
      MD5: 774ced79da2fd32bd1ba52a0f16e0a19
      SHA1: ff36dcf8b62046871f441f301dd7af51cb9ce7ee
      SHA256: 5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81
      SHA512: 7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269
      SSDEEP: 3072:L5LE4Mkik4iEt9zj47Z/HyuOd8phPWVinwwgOG55NlTfGLF+vVlBnG6:LRn4J9K/BpgMu5uLF+vVlFG6
      Score: 3/10
    • Target: resources/elevate.exe
      Size: 105KB
      MD5: 792b92c8ad13c46f27c7ced0810694df
      SHA1: d8d449b92de20a57df722df46435ba4553ecc802
      SHA256: 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
      SHA512: 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
      SSDEEP: 3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
      Score: 3/10

    • Target: vk_swiftshader.dll
      Size: 4.9MB
      MD5: afb174ccd1abb292da14779a079d4282
      SHA1: ddd74e61c48c4445f1b3fa886b7c28b0de3f1859
      SHA256: a32c3fbbf74699a10e7642bf4901191f29c88c5aec93ae7ba28c79ab28462a69
      SHA512: fddd4d70dc6b8d424adfa509ad145845d13d898eaedb1706de357cf1dcd4eb25fe581c9dc58c1de0954b1a10b232934d219563a1e2e8ed1bc01412bfc789cbfc
      SSDEEP: 49152:/GrnxGr9pGmj8pGtA/bVVku6KZlxsMOtVKOkc4FjHjAW3vZ1B93k1RE7SrLop8cJ:YnxY9NURayzxX61u0Lflb0wrD
      Score: 1/10

    • Target: vulkan-1.dll
      Size: 894KB
      MD5: 7ba000aece0d376e6f77e4c2f48f69c8
      SHA1: 24b103a2d9d5d742783ad3ecbfeb2cc57bd711c6
      SHA256: 1f8b647f161f20d45d554e349b3e5ef0b7b5da8c7bdbc1ff631d37dc9c819503
      SHA512: d051ed9d1b9c28cd38da020cebe8b58da53c520f8686dc08fb9e626a9751c23fc43b97b2c309314e3f9a94f1eea448b77657c955c7b22aaadc6c0753b85f744c
      SSDEEP: 12288:3P1VNNJPqXu9D8xeLoCzG4JsZGS5ld/YlmQAuYvyRnsBsoj89C29h:3PXJPq+9QeLpDpmQ/YJBseS9h
      Score: 1/10

    • Target: $PLUGINSDIR/nsExec.dll
      Size: 6KB
      MD5: ec0504e6b8a11d5aad43b296beeb84b2
      SHA1: 91b5ce085130c8c7194d66b2439ec9e1c206497c
      SHA256: 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
      SHA512: 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
      SSDEEP: 96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
      Score: 3/10

    • Target: $PLUGINSDIR/nsis7z.dll
      Size: 424KB
      MD5: 80e44ce4895304c6a3a831310fbf8cd0
      SHA1: 36bd49ae21c460be5753a904b4501f1abca53508
      SHA256: b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
      SHA512: c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
      SSDEEP: 6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
      Score: 3/10
    • Target: $R0/Uninstall Setup.exe
      Size: 165KB
      MD5: 1fcd96613ce9e9768827c9a70bc9af71
      SHA1: 2f5c1267c19643f475c3b19fc9cbb41afe3ef408
      SHA256: 44a3ff5e71cda2981fd8607105c5cd2b97391610d2ba2a0655f8448ca803014d
      SHA512: 7f7107abf8c5d12ab97c3bb0f143d0961bb31bc0fe7418b01e7d4c94d491cd1a694908c5a7ec35ff0be112586b66aa3349c453f2404c71d3ffe3425b484b80a0
      SSDEEP: 3072:hn77v00hEoDEtau2JTb3Z0hTm9YSl6w4JybJLaKudaH2tvhOEA1RJCir86SrSrvq:h740IO/p0sl6ZcaPds2t0EyL+yav
      Score: 7/10
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates processes with tasklist

    • Target: $PLUGINSDIR/StdUtils.dll
      Size: 100KB
      MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the $PLUGINSDIR/StdUtils.dll entry above
      Score: 3/10

    • Target: $PLUGINSDIR/System.dll
      Size: 12KB
      MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the $PLUGINSDIR/System.dll entry above
      Score: 3/10

    • Target: $PLUGINSDIR/WinShell.dll
      Size: 3KB
      MD5: 1cc7c37b7e0c8cd8bf04b6cc283e1e56
      SHA1: 0b9519763be6625bd5abce175dcc59c96d100d4c
      SHA256: 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
      SHA512: 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
      Score: 3/10

    • Target: $PLUGINSDIR/nsExec.dll
      Size: 6KB
      MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the $PLUGINSDIR/nsExec.dll entry above
      Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: Score 3/10
  • behavioral1: tags rhadamanthys, stealc, meowsterioland20, credential_access, discovery, spyware, stealer; Score 10/10
  • behavioral2: tag discovery; Score 3/10
  • behavioral3: tag discovery; Score 3/10
  • behavioral4: tag discovery; Score 3/10
  • behavioral5: Score 3/10
  • behavioral6: Score 1/10
  • behavioral7: Score 3/10
  • behavioral8: Score 3/10
  • behavioral9: Score 3/10
  • behavioral10: Score 3/10
  • behavioral11: Score 3/10
  • behavioral12: Score 3/10
  • behavioral13: Score 3/10
  • behavioral14: Score 3/10
  • behavioral15: Score 3/10
  • behavioral16: Score 3/10
  • behavioral17: Score 3/10
  • behavioral18: Score 3/10
  • behavioral19: Score 3/10
  • behavioral20: Score 3/10
  • behavioral21: Score 3/10
  • behavioral22: Score 3/10
  • behavioral23: tag discovery; Score 3/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: tag discovery; Score 3/10
  • behavioral27: tag discovery; Score 3/10
  • behavioral28: tag discovery; Score 7/10
  • behavioral29: tag discovery; Score 3/10
  • behavioral30: tag discovery; Score 3/10
  • behavioral31: tag discovery; Score 3/10
  • behavioral32: tag discovery; Score 3/10