MAR-10382580.r1.v1: Unidentified RAT
Malware Characterization
This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.
cisa
2022-06-03T14:28:03-04:00
BMachine
87
7.1.0
winds.exe
850432
PE32+ executable (GUI) x86-64, for MS Windows
MD5
21fa1a043460c14709ef425ce24da4fd
SHA1
33638da3a83c2688e1d20862b1de0b242a22e87c
SHA256
66966ceae7e3a8aace6c27183067d861f9d7267aed30473a95168c3fe19f2c16
SHA512
00afc06c46397d106489c63492437100ae8a872169918c1b2a0c7acfcbe8b6c7b77e587f50551d33603693755081bafbaddfe62bfccb9a3803e940a9b9a5a30e
SSDEEP
12288:nHphzO/LbA9xVeAayauoGqKv4Kyxa30vKc6wVqSfpOH8KAGG6SfUTuy4aN+h:JqGxMUKGqKv4OEvBHVqSfMFyUSjs
7.555857
7
2016-06-28 14:54:12-04:00
1024
MD5
f7563c080ebc1ddfde8cd35a391c013b
2.941811
Sysinternals - www.sysinternals.com
PsPing - ping, latency, bandwidth measurement utility
2.10
PsPing
Copyright (C) 2012-2016 Mark Russinovich
psping.exe
Sysinternals PsPing
2.10
.text
148992
6.18388
MD5
dee2271d40bae0ee404bd93800669e7f
.rdata
76800
3.959956
MD5
f9ca0448650e2c20a1c84bdf4d21e1f5
.data
37888
4.076162
MD5
ef7c0cd1e8c1cb59d89b9bb7cb3e38b7
.pdata
7680
5.174204
MD5
a94f35a1d82b7ea31758e552c5c8dd4d
.rsrc
574976
7.974682
MD5
0a5f1fe82123e133fb124fb65751dd19
.reloc
3072
5.054629
MD5
b89ab7dbe7f05df8a1bebb81afcdbc9f
Characterized_By
Connected_To
Contains
Characterized_By
Characterized_By
Characterized_By
Characterized_By
Characterized_By
Characterized_By
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
185.136.163.104
Connected_From
Related_To
Queried whois.ripe.net with "-B 185.136.163.104"...
% Information related to '185.136.163.0 - 185.136.163.255'
% Abuse contact for '185.136.163.0 - 185.136.163.255' is 'pivps.com@gmail.com'
inetnum: 185.136.163.0 - 185.136.163.255
netname: VELIANET-FR-PINETLLC
descr: Pi NET, LLC
country: FR
org: ORG-PNL20-RIPE
admin-c: PNL16-RIPE
tech-c: PNL16-RIPE
status: ASSIGNED PA
remarks: ticket.velia.net 122001
notify: vnid-hostmaster@godaddy.com
mnt-by: FGK-MNT
created: 2018-10-26T15:33:38Z
last-modified: 2018-10-26T15:33:38Z
source: RIPE
organisation: ORG-PNL20-RIPE
org-name: Pi NET, LLC
org-type: OTHER
address: No 74, Tang Thiet Giap, Co Nhue
address: Tu Liem
address: 100000 Hanoi
address: Viet Nam
phone: +84 977471775
e-mail: pivps.com@gmail.com
admin-c: PNL16-RIPE
tech-c: PNL16-RIPE
abuse-c: PNL16-RIPE
mnt-ref: FGK-MNT
mnt-by: FGK-MNT
created: 2017-09-07T11:08:29Z
last-modified: 2017-09-07T11:08:29Z
source: RIPE
role: Pi NET, LLC
address: No 74, Tang Thiet Giap, Co Nhue
address: Tu Liem
address: 100000 Hanoi
address: Viet Nam
phone: +84 977471775
e-mail: pivps.com@gmail.com
nic-hdl: PNL16-RIPE
mnt-by: FGK-MNT
created: 2017-09-07T11:08:29Z
last-modified: 2017-09-07T11:08:29Z
source: RIPE
abuse-mailbox: pivps.com@gmail.com
% Information related to '185.136.160.0/22AS29066'
route: 185.136.160.0/22
descr: velia.net Internetdienste GmbH
origin: AS29066
notify: vnid-hostmaster@godaddy.com
mnt-by: FGK-MNT
mnt-by: GODADDY-MNT
created: 2018-09-03T07:40:03Z
last-modified: 2019-06-04T09:16:09Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.103 (ANGUS)
d071c4959d00a1ef9cce535056c6b01574d8a8104a7c3b00a237031ef930b10f
581632
PE32+ executable (console) x86-64, for MS Windows
MD5
7b1ce3fe542c6ae2919aa94e20dc860e
SHA1
49a5852783fcefd9513b02d27a0304ae171f4459
SHA256
d071c4959d00a1ef9cce535056c6b01574d8a8104a7c3b00a237031ef930b10f
SHA512
07ab85017714ded24ef9cf25310c76b5b05616398b09b85e0e7b177c7ab662b5c855e6814dc50c12f88a130921afb5f7f8134583cbbdc7c21917c2dfcad0f2d2
SSDEEP
6144:r47ZkpeF7uuHVEokxXHxFCgPOcUx3X6wUNSz3m3+CRn7qGkFgIkwLB6iZf:r47/F7uuHDY1OPxhUuKeGw3Z
Microsoft Visual C++ 8.0 (DLL)
6.181663
7
2022-03-03 01:35:56-05:00
4096
MD5
0fd74e4e16029f0837428b76b1d62b68
0.896086
.text
397312
6.440368
MD5
bfdaba9ac4dadf31b2346cf1104ecc0d
.rdata
126976
4.85378
MD5
9c82a4527253007ab20b19fef102c551
.data
20480
4.180216
MD5
a7502cfe7c93b5a4882fb1e6078e6652
.pdata
24576
5.115554
MD5
9c3d8f5359ac9abd96529387b2acbdde
_RDATA
4096
0.259819
MD5
791660e03dd58cccf36d40f4c9bb6d75
.reloc
4096
5.005726
MD5
f3f7d9cb1331a4d1270bc0b08b2090bc
Contained_Within
odbccads.exe
724992
PE32+ executable (GUI) x86-64, for MS Windows
MD5
de0d57bdc10fee1e1e16e225788bb8de
SHA1
695d31cdac532be8e6d2a98220c0c55f3385aa0b
SHA256
33b89b8915aaa59a3c9db23343e8c249b2db260b9b10e88593b6ff2fb5f71d2b
SHA512
45bea34a3248e2d8ef1c1922f9b9bd89b80552bf9429e1e83595b5684c2067f6a1f04ef44f2d086cd9248a01022efe9ebf539c6a280f780aee9796225b960f0f
SSDEEP
12288:q50ggg3QpKI+CjNu5s1luYiEoCvhHw3lZjUwJx8qpXeS/E9mHLO/dk:K0Hg3eK18g5s7ziSqVZj980P/E9ka/d
7.624236
7
2016-06-12 12:53:34-04:00
1024
MD5
061073798e31a66598c1b1a1089e1256
2.887037
Sysinternals - www.sysinternals.com
Lists logon session information
1.4
LogonSessions
Copyright (C) 2004-2016 Mark Russinovich
logonsessions.exe
Sysinternals LogonSessions
1.4
.text
89088
6.366966
MD5
acb35e1a2a26fb3ddd19a088cecb3166
.rdata
65536
4.425938
MD5
4d9a0bcd9467b5aaee5d4d762219821b
.data
6656
3.054858
MD5
f80417eeab656641c6a5206454b398d3
.pdata
5120
4.855993
MD5
e0d2510e666231c532ff97edf51abd10
.rsrc
555520
7.909148
MD5
28c72f93d407e70be44e0cacd3994710
.reloc
2048
4.939573
MD5
bca539afcd691a4a238b78fc830dc55a
Characterized_By
Connected_To
Figure 8
134.119.177.107
Related_To
Related_To
Connected_From
Connected_From
443
TCP
Queried whois.ripe.net with "-B 134.119.177.107"...
% Information related to '134.119.177.0 - 134.119.177.255'
% Abuse contact for '134.119.177.0 - 134.119.177.255' is 'pivps.com@gmail.com'
inetnum: 134.119.177.0 - 134.119.177.255
netname: VELIANET-FR-PINETLLC
descr: Pi NET, LLC
country: FR
org: ORG-PNL18-RIPE
admin-c: PNL14-RIPE
tech-c: PNL14-RIPE
status: LEGACY
remarks: ticket.velia.net 87114
notify: hostmaster@velia.net
mnt-by: FGK-MNT
created: 2017-05-12T09:24:37Z
last-modified: 2017-05-12T09:24:37Z
source: RIPE
organisation: ORG-PNL18-RIPE
org-name: Pi NET, LLC
org-type: OTHER
address: No 74, Tang Thiet Giap, Co Nhue
address: Tu Liem
address: 100000 Hanoi
address: Viet Nam
phone: +84 977471775
e-mail: pivps.com@gmail.com
admin-c: PNL14-RIPE
tech-c: PNL14-RIPE
abuse-c: PNL14-RIPE
mnt-ref: FGK-MNT
mnt-by: FGK-MNT
created: 2017-05-09T08:44:12Z
last-modified: 2017-05-09T08:44:12Z
source: RIPE
role: Pi NET, LLC
address: No 74, Tang Thiet Giap, Co Nhue
address: Tu Liem
address: 100000 Hanoi
address: Viet Nam
phone: +84 977471775
e-mail: pivps.com@gmail.com
nic-hdl: PNL14-RIPE
mnt-by: FGK-MNT
created: 2017-05-09T08:44:12Z
last-modified: 2017-05-09T08:44:12Z
source: RIPE
abuse-mailbox: pivps.com@gmail.com
% Information related to '134.119.176.0/20AS29066'
route: 134.119.176.0/20
descr: velia.net
origin: AS29066
mnt-by: FGK-MNT
notify: hostmaster@velia.net
created: 2017-05-11T09:17:20Z
last-modified: 2017-05-11T09:17:20Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.103 (HEREFORD)
praiser.exe
727040
PE32+ executable (GUI) x86-64, for MS Windows
MD5
e9c2b8bd1583baf3493824bf7b3ec51e
SHA1
76f2c5f0312346caf82ed42148e78329f8d7b35a
SHA256
7ea294d30903c0ab690bc02b64b20af0cfe66a168d4622e55dee4d6233783751
SHA512
d3ee9a7ecbade56c72dbbdacf29cb122a6254dfc159427166829ca793d80ee21d3bf0229ebef46fdb9e326e49ad1cb84b49121417462b3a79d299708cf578acb
SSDEEP
12288:e5jggI3QpKOnH0FxuvHNZXXbt8Qx1+d/Amk31:OjHI3eKOH06vHNZXbtVxS/Amo1
7.622654
7
2016-06-12 12:53:34-04:00
1024
MD5
0c44f8237fa873b9bd4efaa9489ad650
2.879905
Sysinternals - www.sysinternals.com
Lists logon session information
1.4
LogonSessions
Copyright (C) 2004-2016 Mark Russinovich
logonsessions.exe
Sysinternals LogonSessions
1.4
.text
89088
6.367004
MD5
1a1bf58f62faa7d93ce17441b9bf738d
.rdata
65536
4.425938
MD5
4d9a0bcd9467b5aaee5d4d762219821b
.data
6656
3.054858
MD5
f80417eeab656641c6a5206454b398d3
.pdata
5120
4.855993
MD5
e0d2510e666231c532ff97edf51abd10
.rsrc
557568
7.903129
MD5
8c14221bada15cef72ccc7f336dbe5f5
.reloc
2048
4.939573
MD5
bca539afcd691a4a238b78fc830dc55a
Characterized_By
Connected_To
Characterized_By
Figure 9
Figure 10
162.245.190.203
Connected_From
Related_To
NetRange: 162.245.184.0 - 162.245.191.255
CIDR: 162.245.184.0/21
NetName: QUADRANET-DOWNSTREAM
NetHandle: NET-162-245-184-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS8100
Organization: QuadraNet Enterprises LLC (QEL-5)
RegDate: 2014-03-28
Updated: 2018-08-30
Ref: https://rdap.arin.net/registry/ip/162.245.184.0
OrgName: QuadraNet Enterprises LLC
OrgId: QEL-5
Address: 19528 Ventura Blvd #433
City: Tarzana
StateProv: CA
PostalCode: 91356
Country: US
RegDate: 2018-06-07
Updated: 2018-10-11
Ref: https://rdap.arin.net/registry/entity/QEL-5
ReferralServer: rwhois://rwhois.quadranet.com:4321
fontdrvhosts.exe
950272
PE32+ executable (GUI) x86-64, for MS Windows
MD5
9b071311ecd1a72bfd715e34dbd1bd77
SHA1
4a3f79d6821139bc1c3f44fb32e8450ee9705237
SHA256
3c2c835042a05f8d974d9b35b994bcf8d5a0ce19128ebb362804c2d0f3eb42c0
SHA512
73444e81e02ac8649fa99aa6d98c3818589a627da687f7813a27b83e70e04b4eb4b38f69e7a103398440f9e03b47c6dcfc9b7a42ef5bae71c9e527ed52789efc
SSDEEP
24576:VUQ+clWhn/PvswcxMnTndLF2nepjcrDXrVXK5ODcD:VUCqTnKbK5
7.475351
7
2020-11-04 13:24:40-05:00
1024
MD5
78d132074de70aeea7869dd58a1c9f94
3.116777
Sysinternals - www.sysinternals.com
Directory disk usage reporter
1.62
DU
Copyright (C) 2005-2018 Mark Russinovich
du.exe
Sysinternals Du
1.62
.text
322048
6.44723
MD5
440d1de1ebc4370b4c5b9484f4d6bceb
.rdata
105984
5.104773
MD5
2e1630eccc28f57d2eb5e243b81b472b
.data
4096
2.850634
MD5
de30a21bcd286f9ecbbe9b5430d748fd
.pdata
19456
5.731131
MD5
85d64a30df840f5f518c92faefdbf3a3
.rsrc
495104
7.970015
MD5
753a82453395193c63bfea56bfcf1ef2
.reloc
2560
5.037904
MD5
a9c4c9e1bc46b5a68f1853eabc7543bb
Connected_To
155.94.211.207
Connected_From
Related_To
NetRange: 155.94.128.0 - 155.94.255.255
CIDR: 155.94.128.0/17
NetName: QUADRANET
NetHandle: NET-155-94-128-0-1
Parent: NET155 (NET-155-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS8100
Organization: QuadraNet Enterprises LLC (QEL-5)
RegDate: 2014-06-11
Updated: 2018-08-30
Ref: https://rdap.arin.net/registry/ip/155.94.128.0
OrgName: QuadraNet Enterprises LLC
OrgId: QEL-5
Address: 19528 Ventura Blvd #433
City: Tarzana
StateProv: CA
PostalCode: 91356
Country: US
RegDate: 2018-06-07
Updated: 2018-10-11
Ref: https://rdap.arin.net/registry/entity/QEL-5
error_401.jsp
23171
ASCII text, with very long lines, with no line terminators
MD5
3e200093f737fcd1e4bd350f6ffb7d56
SHA1
0e9e98d93463798645cc0a972a4ff6f99977318a
SHA256
28e4e7104cbffa97a0aa2f53b5ebcbcdba360ec416b34bb617e2f8891d204816
SHA512
9269ad158e16df39acf56a209b9afd91713282d8a9a7f5a51efefa8ef1de0c8093495e2994e11ef464753171bdf1d762d4def0d0191b111403250ae47d63cf8e
SSDEEP
192:/2OkbSJWwmduoToGPJswyEnczKvN4/kV+8YBRKY9O/9:ESJeUgybee5o9
5.17215
Characterized_By
Characterized_By
Characterized_By
Characterized_By
Figure 11
Figure 12
Figure 13
Figure 14
SvcEdge.exe
716800
PE32+ executable (GUI) x86-64, for MS Windows
MD5
3764a0f1762a294f662f3bf86bac776f
SHA1
6a87d8df99ea58d8612fa58a58b1a3a9512f160e
SHA256
f7f7b059b6a7dbd75b30b685b148025a0d4ceceab405e553ca28cacdeae43fab
SHA512
cb4ebb81c46246b92ae427f8cb0962af7420632e1806bd41e6169f5a98229f967d42bc843925679bee09b847462eb828adcdabe85e32b04f4cf859b0ed2d1725
SSDEEP
12288:35OggY3QpK0ASd9ShPcr6rppUsCCkbiPppbvBPYLbYQPmfX:pOHY3eKGSar6pK2RlB2l
7.625956
7
2016-06-12 12:53:34-04:00
1024
MD5
f11e7a01c20bdb65f339a2e16ff2ab71
2.889552
Sysinternals - www.sysinternals.com
Lists logon session information
1.4
LogonSessions
Copyright (C) 2004-2016 Mark Russinovich
logonsessions.exe
Sysinternals LogonSessions
1.4
.text
89088
6.366985
MD5
e3e795ae8373330927da9e37b54a58b4
.rdata
65536
4.425938
MD5
4d9a0bcd9467b5aaee5d4d762219821b
.data
6656
3.054858
MD5
f80417eeab656641c6a5206454b398d3
.pdata
5120
4.855993
MD5
e0d2510e666231c532ff97edf51abd10
.rsrc
547328
7.907534
MD5
807875fc3b991f68fdcc9dd7536ecf58
.reloc
2048
4.939573
MD5
bca539afcd691a4a238b78fc830dc55a
Contains
f7_dump_64.exe
491520
PE32+ executable (console) x86-64, for MS Windows
MD5
199a32712998c6d736a05b2dbd24a761
SHA1
45e0d90bd0283a1262d5afff46232e0ad4227d3b
SHA256
88a5e4b24747648a4e3f0a2d5282b51683260f9208b06788fc858c44559da1e8
SHA512
b7a5c05135450fa6ea2a65dc227446ea52f9233a716f0fab78964d47898b53830441ecac54616d036b22d8241c2643f1c405b956037df63149fe8029f97b5899
SSDEEP
6144:X0jj3qx0aEOjBiBQABYnBxxxa+Af2/hWPsWubPzpkVb4IOf9Dg4l/AxYL+p3Z/l:X0n3qaaEOjUBQXLA+/S89tgs4xY43Z
Microsoft Visual C++ 8.0 (DLL)
6.114557
7
2022-02-22 23:18:47-05:00
4096
MD5
053c02fb38d86cde0b2f936311eff105
0.901639
.text
327680
6.393162
MD5
3f71f9227c631d0a9e5fe0d336705ebf
.rdata
110592
4.796744
MD5
61a37d0b6fceed27908f87fe41ab1965
.data
20480
4.040144
MD5
c8b9c69d2f0ea35735ae2205a7762bcd
.pdata
20480
5.287506
MD5
38355455e83691feae2b4e6bc396081c
_RDATA
4096
0.259819
MD5
11abdcdaaf0271c411451a3ae533aba4
.reloc
4096
4.895506
MD5
023183b361ae5de3c7493f32da9ab756
Characterized_By
Characterized_By
Connected_To
Characterized_By
Characterized_By
Characterized_By
Characterized_By
Contained_Within
Characterized_By
Characterized_By
Characterized_By
Figure 15
Figure 16
Figure 17
Figure 18
Figure 19
Figure 20
Figure 21
Figure 22
Figure 23
CISA_Consolidated.yara: CISA_10382580_03
Malware Artifacts
MD5
21fa1a043460c14709ef425ce24da4fd
SHA1
33638da3a83c2688e1d20862b1de0b242a22e87c
SHA256
66966ceae7e3a8aace6c27183067d861f9d7267aed30473a95168c3fe19f2c16
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:28+00:00
Malicious IP
IP Watchlist
185.136.163.104
NCCIC
2022-06-03T18:29:29+00:00
CISA_Consolidated.yara: CISA_10382580_02
Malware Artifacts
MD5
7b1ce3fe542c6ae2919aa94e20dc860e
SHA1
49a5852783fcefd9513b02d27a0304ae171f4459
SHA256
d071c4959d00a1ef9cce535056c6b01574d8a8104a7c3b00a237031ef930b10f
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:29+00:00
CISA_Consolidated.yara: CISA_10382580_03
Malware Artifacts
MD5
de0d57bdc10fee1e1e16e225788bb8de
SHA1
695d31cdac532be8e6d2a98220c0c55f3385aa0b
SHA256
33b89b8915aaa59a3c9db23343e8c249b2db260b9b10e88593b6ff2fb5f71d2b
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:29+00:00
Malicious IP
IP Watchlist
134.119.177.107
NCCIC
2022-06-03T18:29:29+00:00
CISA_Consolidated.yara: CISA_10382580_03
Malware Artifacts
MD5
e9c2b8bd1583baf3493824bf7b3ec51e
SHA1
76f2c5f0312346caf82ed42148e78329f8d7b35a
SHA256
7ea294d30903c0ab690bc02b64b20af0cfe66a168d4622e55dee4d6233783751
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:30+00:00
Malicious IP
IP Watchlist
162.245.190.203
NCCIC
2022-06-03T18:29:30+00:00
CISA_Consolidated.yara: CISA_10382580_03
Malware Artifacts
MD5
9b071311ecd1a72bfd715e34dbd1bd77
SHA1
4a3f79d6821139bc1c3f44fb32e8450ee9705237
SHA256
3c2c835042a05f8d974d9b35b994bcf8d5a0ce19128ebb362804c2d0f3eb42c0
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:30+00:00
Malicious IP
IP Watchlist
155.94.211.207
NCCIC
2022-06-03T18:29:30+00:00
MD5 and SHA1 of Malicious File
Malware Artifacts
MD5
3e200093f737fcd1e4bd350f6ffb7d56
SHA1
0e9e98d93463798645cc0a972a4ff6f99977318a
SHA256
28e4e7104cbffa97a0aa2f53b5ebcbcdba360ec416b34bb617e2f8891d204816
NCCIC
2022-06-03T18:29:30+00:00
CISA_Consolidated.yara: CISA_10382580_03
Malware Artifacts
MD5
3764a0f1762a294f662f3bf86bac776f
SHA1
6a87d8df99ea58d8612fa58a58b1a3a9512f160e
SHA256
f7f7b059b6a7dbd75b30b685b148025a0d4ceceab405e553ca28cacdeae43fab
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:30+00:00
CISA_Consolidated.yara: CISA_10382580_01
Malware Artifacts
MD5
199a32712998c6d736a05b2dbd24a761
SHA1
45e0d90bd0283a1262d5afff46232e0ad4227d3b
SHA256
88a5e4b24747648a4e3f0a2d5282b51683260f9208b06788fc858c44559da1e8
NCCIC
http://plusvic.github.io/yara/
NCCIC
2022-06-03T18:29:31+00:00
MAEC Characterization of 21fa1a043460c14709ef425ce24da4fd
Bitdefender
Gen:Variant.Ulise.345018
McAfee
RDN/Generic.dx
K7
Trojan ( 0058e94e1 )
IKARUS
Trojan.Win64.Injector
Zillya!
Trojan.Chapak.Win32.92597
AhnLab
Trojan/Win.Generic
Emsisoft
Gen:Variant.Ulise.345018 (B)
Avira
TR/Injector.vkchy
ESET
a variant of Win64/Injector.HA.gen trojan
Adaware
Gen:Variant.Ulise.345018
remote-access-trojan
trojan
command-and-control
MAEC Characterization of 7b1ce3fe542c6ae2919aa94e20dc860e
AhnLab
Backdoor/Win.NukeSped
Avira
HEUR/AGEN.1213015
backdoor
MAEC Characterization of de0d57bdc10fee1e1e16e225788bb8de
Bitdefender
Gen:Variant.Ulise.345018
IKARUS
Trojan.Win64.Injector
AhnLab
Trojan/Win.Generic
Emsisoft
Gen:Variant.Ulise.345018 (B)
Avira
HEUR/AGEN.1248665
ESET
a variant of Win64/Injector.HA.gen trojan
Adaware
Gen:Variant.Ulise.345018
MAEC Characterization of e9c2b8bd1583baf3493824bf7b3ec51e
Bitdefender
Gen:Variant.Ulise.345018
McAfee
RDN/Generic.dx
K7
Trojan ( 0058e94e1 )
IKARUS
Trojan.Win64.Injector
Zillya!
Trojan.Injector.Win64.1263
AhnLab
Trojan/Win.Generic
Emsisoft
Gen:Variant.Ulise.345018 (B)
Avira
TR/Injector.oqsge
ESET
a variant of Win64/Injector.HA.gen trojan
Adaware
Gen:Variant.Ulise.345018
MAEC Characterization of 9b071311ecd1a72bfd715e34dbd1bd77
IKARUS
Trojan.Win64.Injector
ESET
a variant of Win64/Injector.HA.gen trojan
MAEC Characterization of 3764a0f1762a294f662f3bf86bac776f
Bitdefender
Gen:Variant.Ulise.345018
IKARUS
Trojan.Win64.Injector
AhnLab
Trojan/Win.Generic
Emsisoft
Gen:Variant.Ulise.345018 (B)
Avira
TR/Injector.mhzsy
ESET
a variant of Win64/Injector.HA.gen trojan
Adaware
Gen:Variant.Ulise.345018
MAEC Characterization of 199a32712998c6d736a05b2dbd24a761
AhnLab
Trojan/Win.PWS
ESET
a variant of Win64/Spy.Agent.EA trojan
10382580.r1.v1
Malicious Code
Malicious Artifact Detected