1
Lookup Hash | Rating | Positives | Virus | File Names | First Submitted (M/D/YY) | Last Submitted (M/D/YY) | File Type | MD5 | SHA1 | SHA256 | Imphash
Matching Rule
Harmless | Revoked | Expired | Trusted | Signed | Signer
Hybrid Analysis Sample
MalShare Sample
VirusBay Sample
MISP | MISP Events | URLhaus | AnyRun | CAPE | VALHALLA
User Comments
Microsoft | Kaspersky | McAfee | CrowdStrike | TrendMicro | ESET-NOD32 | Symantec | F-Secure | Sophos | GData
2
214c960f7cab98ef63843e381b24aa7df3c34c98f2662e88238d16e203559830
malicious | 13
Microsoft: Trojan:Win32/Sabsik.FL.B!ml / CrowdStrike: win/malicious_confidence_70% (W) / Sophos: Generic ML PUA (PUA)
3/7/22 13:53 | 3/7/22 13:53 | Win32 EXE
ac7da7f7d9510f0631ec34e923fe6fe1
ceb93bb237e2a1f15238908bfe79ee5dc1f2a993
214c960f7cab98ef63843e381b24aa7df3c34c98f2662e88238d16e203559830
6c2a6f411d52e0bf6d29316089122d7d
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 13, 'rulename': 'SUSP_Protector_Themida_Packed_Samples_Mar21_1', 'tags': ['FILE', 'T1045', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 16:00:50 GMT', 'total': 68}]
['thor']
Trojan:Win32/Sabsik.FL.B!ml
--
win/malicious_confidence_70% (W)
----
Generic ML PUA (PUA)
-
3
b3f6e30480b90f053f45881e929ee0408aae533a7d3f5cd35abab05aff9dc603
clean | 0 | - | dropper-v2.dll | 3/7/22 13:14 | 3/7/22 13:14 | Win32 DLL
e5708c78088a2da2d24b2ecc88d512e4
33a4afe77c533c47661e47edf31b137a112eb957
b3f6e30480b90f053f45881e929ee0408aae533a7d3f5cd35abab05aff9dc603
f4de73efeaf5506ac1f03526f8283c5b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 0, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 15:21:16 GMT', 'total': 66}]
['thor']----------
4
99244c7d23d2dfa45fdabb4c817ad788b41476c7aceae17c3544d6a1b0e96db0
suspicious | 2 | - | dropper-v2.exe | 3/7/22 13:07 | 3/7/22 13:07 | Win32 EXE
f41e7c0feb99bada8433bd64bdd0a2f6
2160bd377cc0db38e19af8ede1d561133c30a773
99244c7d23d2dfa45fdabb4c817ad788b41476c7aceae17c3544d6a1b0e96db0
7a7f2d69c31b75dd25a3e7b5ebca20a8
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 15:13:51 GMT', 'total': 68}]
['thor']----------
5
12dd57c4444d982042bec5bcb904ad578d05c372a4969e1985dba918c6d219a0
suspicious | 2 | - | dropper-v2.exe | 3/7/22 13:04 | 3/7/22 13:04 | Win32 EXE
88822823b9c5bf861fbdcd0f15f8d699
09fb30edf91479fcbf7d749d1495d3deec1acb3a
12dd57c4444d982042bec5bcb904ad578d05c372a4969e1985dba918c6d219a0
7a7f2d69c31b75dd25a3e7b5ebca20a8
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 15:10:20 GMT', 'total': 68}]
['thor']----------
6
13f67aa25088d45ad7540af641a2ddebf89a2360fcbd9a6f55e37b0659f90599
suspicious | 2 | - | dropper-v2.exe | 3/7/22 13:01 | 3/7/22 13:01 | Win32 EXE
e90568ece2a534b7b7ac96d2e429aa8a
c8a8a333bb10a3cd37897f16c38369294dbefaa3
13f67aa25088d45ad7540af641a2ddebf89a2360fcbd9a6f55e37b0659f90599
e5a0c2cdf4d3a55afc931d52939e7b3b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 15:08:05 GMT', 'total': 66}]
['thor']----------
7
2d07e3e41bc48fb6d12afa460c17bd02263469a050efcf6e1e7101db9a6c197f
suspicious | 3 | Microsoft: Trojan:Win32/Sabsik.TE.B!ml | dropper-v2.exe | 3/7/22 13:00 | 3/7/22 13:00 | Win32 EXE
489547521e5657f050995a5dab008575
a2869b0227d1eb206d51bfbd7ffaf19618c3445b
2d07e3e41bc48fb6d12afa460c17bd02263469a050efcf6e1e7101db9a6c197f
b922d138373c8b66058de1f7d35721a7
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 3, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 15:07:00 GMT', 'total': 68}]
['thor']
Trojan:Win32/Sabsik.TE.B!ml
---------
8
0f1bf04d823d359a2e7544a7398f4c34c16a70025b52618c02805f6371a9bc32
suspicious | 1 | - | dropper-v2.exe | 3/7/22 6:44 | 3/7/22 6:44 | Win32 EXE
e2e860102d86b66fca830989d6833a8c
368c53be5954a3e1d3c84272f83403b746fac658
0f1bf04d823d359a2e7544a7398f4c34c16a70025b52618c02805f6371a9bc32
4c7d26d08cd81525f4159e2edb1361ec
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
9
f20306eedab39e6bbba0fab25ac98cab07029ce39fc28e04f00180dc8825de98
suspicious | 4 | - | dropper-v2.exe | 3/7/22 6:42 | 3/7/22 6:42 | Win32 EXE
4ba089b88198d0a07813e84c7d53acfb
6383265f83e7d06a344574d34922f0f6994b5bce
f20306eedab39e6bbba0fab25ac98cab07029ce39fc28e04f00180dc8825de98
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 4, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 14:40:34 GMT', 'total': 67}]
['thor']----------
10
06e95420bcb5b85e2dd260b77358d96c1c3db4f7ba77e92e4e2d5f88e613453b
suspicious | 4 | - | dropper-v2.exe | 3/7/22 6:42 | 3/7/22 6:42 | Win32 EXE
1beceeaea89ad9f4f7b5ad12fce8b56d
5cef126c444dd780464b2ec638ffdb112ec63bb6
06e95420bcb5b85e2dd260b77358d96c1c3db4f7ba77e92e4e2d5f88e613453b
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
11
e656de688ca42a92e7994d42a5fa217c93c145bcfb2b3404fa300ca66048baf2
suspicious | 3 | - | dropper-v2.exe | 3/7/22 6:39 | 3/7/22 6:39 | Win32 EXE
4dfae4ff7570aa9877b3cd7cfe16d281
be3676f74f1464136b9dbfc77c86aad7d151d463
e656de688ca42a92e7994d42a5fa217c93c145bcfb2b3404fa300ca66048baf2
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
12
c22da94a910aa7ad017be0d9aa723f92c8b148bf8d98f86940ae385597314e53
clean | 0 | - | dropper-v2.exe | 3/7/22 6:18 | 3/7/22 6:18 | Win32 EXE
2e63c06183a2c980f20f573c717dee90
e27600af907c625ae798d977ebb38ca2cf28f3fc
c22da94a910aa7ad017be0d9aa723f92c8b148bf8d98f86940ae385597314e53
a320612352dab7d3fccf83af8cd2dbec
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
13
9e6e4d4714d20a3f1e9579a304cf93581fe35285eadfc4725e618d121e0d8182
suspicious | 3 | - | dropper-v2.exe | 3/7/22 6:12 | 3/7/22 6:12 | Win32 EXE
9b5260d01aa0b452bed986b44c7749cc
50eef39eb8e615ecc83491cef821b70392c14e20
9e6e4d4714d20a3f1e9579a304cf93581fe35285eadfc4725e618d121e0d8182
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
14
209e3972d776e794edc5fcb6c582b14fec5a04ed3c4bda19df0ce4b44062e35e
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:24 | 3/7/22 5:24 | Win32 EXE
05702651317bf6fae257404a5c038ee3
82f6e323940227b1f081f66a53811a315643fbca
209e3972d776e794edc5fcb6c582b14fec5a04ed3c4bda19df0ce4b44062e35e
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
15
e617910f761d6629eb2b68a011e80e3e867edd29dc9664972db17854824a4dae
suspicious | 3 | - | dropper-v2.exe | 3/7/22 5:18 | 3/7/22 5:18 | Win32 EXE
47506e81a931712c01a53405ab8b8378
c206db80f2fffc2bb57299b0b128ad4cc6d509f5
e617910f761d6629eb2b68a011e80e3e867edd29dc9664972db17854824a4dae
d145da74de892441c6294530ce6ac792
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
16
e21085553be3e83f3ef0e21cdb25b75b61e1b45f15fdf3a01d26a6e3407e5de0
malicious | 16
Microsoft: Trojan:Win32/Wacatac.B!ml / McAfee: Artemis!FEC5267228BE / ESET-NOD32: a variant of Win64/Rozena.JF / GData: Trojan.GenericKD.39159196
dropper-v2.exe | 3/7/22 5:16 | 3/7/22 5:16 | Win32 EXE
fec5267228be7e328d6bc71bef622526
8b1bf595d16440eedae9865ed106a0e2351b31a3
e21085553be3e83f3ef0e21cdb25b75b61e1b45f15fdf3a01d26a6e3407e5de0
4bc5c6aec5b4a4795e5cc66b991d1965
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 7, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 12:58:52 GMT', 'total': 68}]
['thor']
Trojan:Win32/Wacatac.B!ml
-
Artemis!FEC5267228BE
--
a variant of Win64/Rozena.JF
---
Trojan.GenericKD.39159196
17
d161c537ab0b22bfb14876e4000aaba9ec175fd904e5be295ee017eb49dbc9e3
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:13 | 3/7/22 5:13 | Win32 EXE
49a5353d5f6975e302b612bdc02c287a
cc10b9140b6b39ac88823d9c399164eb2fa76aed
d161c537ab0b22bfb14876e4000aaba9ec175fd904e5be295ee017eb49dbc9e3
b353d6b638695dd916b82152fb820a2f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
18
64c932fdc81dc33d9932cd47c8f7ff703877283e4cf438445ec5bdc89ca7a433
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:12 | 3/7/22 5:12 | Win32 EXE
3e87597e474483fe8658b76c22c5c4f6
14a7d81dbaaa7ffbdb2a4bc7bcac92f04ce64d2d
64c932fdc81dc33d9932cd47c8f7ff703877283e4cf438445ec5bdc89ca7a433
6b18a3663b084f710bc25d714387b252
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 14:41:37 GMT', 'total': 66}]
['thor']----------
19
7e414e667aa84c6dff60bc5329c81d889d9fc029cde8530e152a259feb27d141
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:11 | 3/7/22 5:11 | Win32 EXE
d237e9161fa0566d6c2593e50f3703ce
36b0abf192005c8c5a586745cb5cc57bcbd6d2c9
7e414e667aa84c6dff60bc5329c81d889d9fc029cde8530e152a259feb27d141
79419d333a64681b524a1d11ed7b0f0c
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
20
1c2d6eff8067f8d98b9fd494f2690249c82bc38efa578de87bd0d0ceb3145d30
suspicious | 3 | - | dropper-v2.exe | 3/7/22 5:10 | 3/7/22 5:10 | Win32 EXE
41084089d5432ebcd2433d5a3bccc497
f8933b53c5daa47eecac684d5daa45d25da1f61d
1c2d6eff8067f8d98b9fd494f2690249c82bc38efa578de87bd0d0ceb3145d30
2a1bc4913cd5ecb0434df07cb675b798
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
21
3b8eb47c18d2d930608cfa29d36458dd1767790cf2699fb91319893adf118f5d
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:08 | 3/7/22 5:08 | Win32 EXE
3664013017b10f011c8542452eed3f69
73b99e5ce00deb99aedcb67c78526e9380ff800e
3b8eb47c18d2d930608cfa29d36458dd1767790cf2699fb91319893adf118f5d
2d75315132865e0ed763c162dc74b166
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
22
9939dcc9658226e51e72f356000fcbc36d6f1193accb63ec5e69df38bccf66b5
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:06 | 3/7/22 5:06 | Win32 EXE
e37fee9317b13115f1c35100dcd0d277
66f69bef1bcc54ff8bea2bf7a84ea1dab5320f6b
9939dcc9658226e51e72f356000fcbc36d6f1193accb63ec5e69df38bccf66b5
d145da74de892441c6294530ce6ac792
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
23
7e8ba9d8352073d0fc0958ad128d226a6a902625d4294bfcb44292dd8b4ce547
suspicious | 3 | - | dropper-v2.exe | 3/7/22 5:03 | 3/7/22 5:03 | Win32 EXE
ee57d31693383b097cc4045e69fab785
0acc3bc8c054966a393f9960087de4899d27ed13
7e8ba9d8352073d0fc0958ad128d226a6a902625d4294bfcb44292dd8b4ce547
2d0435f53d9a1cadc820d7f6ad7a48de
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
24
ea81a02e4148a8fc37040a46d5576812e02bbf2ee81a05090a205d9b4c862a69
malicious | 16
Microsoft: Trojan:Win32/Sabsik.TE.B!ml / McAfee: Artemis!15E4E6EEFBA3 / ESET-NOD32: a variant of Win64/Rozena.JF / GData: Trojan.GenericKD.48529441
dropper-v2.exe | 3/7/22 5:02 | 3/7/22 5:02 | Win32 EXE
15e4e6eefba37ed2284259ba389a085f
5872baf48422cf13e210cf972c3cfa6a659c92e7
ea81a02e4148a8fc37040a46d5576812e02bbf2ee81a05090a205d9b4c862a69
4bc5c6aec5b4a4795e5cc66b991d1965
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 6, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 12:57:26 GMT', 'total': 67}]
['thor']
Trojan:Win32/Sabsik.TE.B!ml
-
Artemis!15E4E6EEFBA3
--
a variant of Win64/Rozena.JF
---
Trojan.GenericKD.48529441
25
2e84bd0d6ea996bef585e1301cad86ed09e1c5241c580d51e61b005574acd0ee
suspicious | 2 | - | dropper-v2.exe | 3/7/22 5:00 | 3/7/22 5:00 | Win32 EXE
91496e20c66acff10bd63f3ef7f2275a
d467d025f44c1fafeb259cd2bc8969cf51b6f56b
2e84bd0d6ea996bef585e1301cad86ed09e1c5241c580d51e61b005574acd0ee
d145da74de892441c6294530ce6ac792
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
26
5225a72bd02d1564c5996e692ecef2ef2565b154512697be4399bf5fe66c150b
suspicious | 3 | - | dropper-v2.exe | 3/7/22 4:58 | 3/7/22 4:58 | Win32 EXE
1047c3a8d1fc9384709e6af1a4b1a465
aed8bda46b4d7ed58fa8ee2b9c396f935a0f6fbb
5225a72bd02d1564c5996e692ecef2ef2565b154512697be4399bf5fe66c150b
2a1bc4913cd5ecb0434df07cb675b798
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
27
00ab2c91c2b11c95776b602c499c51a92901d84834ff70790e4807431ac8a14d
suspicious | 2 | - | 3/7/22 4:56 | 3/7/22 4:56 | Win32 EXE
e6133044d743e1a54075938487208d74
550ca963c7b03fa3bbe19043f9e641341730ffa7
00ab2c91c2b11c95776b602c499c51a92901d84834ff70790e4807431ac8a14d
d145da74de892441c6294530ce6ac792
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
28
5b36d9743cb3cd45e1e1937e2c181d530362c2847397b14a8f1b5ff3d7d03907
suspicious | 2 | - | dropper-v2.exe | 3/7/22 4:40 | 3/7/22 4:40 | Win32 EXE
06d2af152d01a54489706b36e5311e6e
1cfdace76cd09e3b24912fd26c8d120bb819ff59
5b36d9743cb3cd45e1e1937e2c181d530362c2847397b14a8f1b5ff3d7d03907
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:46:48 GMT', 'total': 69}]
['thor']----------
29
0c3e0684911c9470ae4b049f08bd6adc5ec3e26633712c2017564009f6941302
suspicious | 2 | - | dropper-v2.exe | 3/7/22 4:38 | 3/7/22 4:38 | Win32 EXE
cae5aefca53b10a8184ee36d6a1f0073
8ad44f4d0f5aff773137ca54cebfdc16023de9c3
0c3e0684911c9470ae4b049f08bd6adc5ec3e26633712c2017564009f6941302
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:45:42 GMT', 'total': 68}]
['thor']----------
30
bfe369bd0505438602f1737cdd6bcceb9dd0e30b6f3f1887959162bae1b26d33
suspicious | 2 | - | dropper-v2.exe | 3/7/22 4:37 | 3/7/22 4:37 | Win32 EXE
2fdd15d7c2760895caace455fe40e17c
c204163c64637996b4cdfb4ce96d113cfc7f55db
bfe369bd0505438602f1737cdd6bcceb9dd0e30b6f3f1887959162bae1b26d33
90e7379deb654a1770471685c71a4020
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:44:38 GMT', 'total': 69}]
['thor']----------
31
8173ed5fab1a9cba435cdff7e1607aca2b77538abc55882a325075f38920f6fe
suspicious | 2 | - | dropper-v2.exe | 3/7/22 4:34 | 3/7/22 4:34 | Win32 EXE
855923987dc161b425b20854dada63e0
d0d4c4aefd1a097fabc6f0ae2d6a7d4e1238cb81
8173ed5fab1a9cba435cdff7e1607aca2b77538abc55882a325075f38920f6fe
d145da74de892441c6294530ce6ac792
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:41:19 GMT', 'total': 69}]
['thor']----------
32
4a1552ac82cef02b233a127f49cad6dfd66496840a6a98f87d259725924cf7df
suspicious | 5 | - | dropper-v2.exe | 3/7/22 4:33 | 3/7/22 4:33 | Win32 EXE
d33117d407506fc1c98f966cec739db3
d8e456b05214e33811a28edfa60291adf12d8fe3
4a1552ac82cef02b233a127f49cad6dfd66496840a6a98f87d259725924cf7df
2a1bc4913cd5ecb0434df07cb675b798
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 5, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:40:13 GMT', 'total': 68}]
['thor']----------
33
24f52e6e0ca82e4d70016c047cef45ce9d361821e81d91f53558a01fc7c0fbf4
suspicious | 5 | - | dropper-v2.exe | 3/7/22 4:31 | 3/7/22 4:31 | Win32 EXE
c790f23d515719c33eb60b15e26eefa3
03eb899c0561872628b2bfd9a8a5fa25b0626881
24f52e6e0ca82e4d70016c047cef45ce9d361821e81d91f53558a01fc7c0fbf4
2a1bc4913cd5ecb0434df07cb675b798
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 5, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:37:50 GMT', 'total': 62}]
['thor']----------
34
0ae64d6be050e6b4a2149dbbad3cb4409d58b1568f5d76636367112511afe78b
suspicious | 2 | - | dropper-v2.exe | 3/7/22 4:30 | 3/7/22 4:30 | Win32 EXE
9b2caf9ebabbb66d36445ab7f039981b
f6d8dfe25b746495ca50506e2c498078e8f23b48
0ae64d6be050e6b4a2149dbbad3cb4409d58b1568f5d76636367112511afe78b
2d75315132865e0ed763c162dc74b166
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:36:44 GMT', 'total': 69}]
['thor']----------
35
a797f33b6e963027fcaab61e5599fc7e5e74a0f81d88280f4969e8fbe8588d91
suspicious | 4 | Microsoft: Trojan:Win32/Sabsik.TE.B!ml | 3/7/22 4:27 | 3/7/22 4:27 | Win32 EXE
32488f899972b1eeb2ceca945bed6ebb
41e03488507a6b0ab4bad0ad80e6862e0d61a455
a797f33b6e963027fcaab61e5599fc7e5e74a0f81d88280f4969e8fbe8588d91
d145da74de892441c6294530ce6ac792
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:34:35 GMT', 'total': 69}]
['thor']
Trojan:Win32/Sabsik.TE.B!ml
---------
36
a2e2c8c6f5b813d2b1fe45ab11145750e48a47e451db4f1a4f1840dbf1698852
suspicious | 3 | - | dropper-v2.exe | 3/7/22 3:55 | 3/7/22 3:55 | Win32 EXE
b7d3c9f292d1d30962aad053074fb3fe
689f864ec66a3af90a6df5b304011a36d94058f7
a2e2c8c6f5b813d2b1fe45ab11145750e48a47e451db4f1a4f1840dbf1698852
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 3, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 06:01:47 GMT', 'total': 68}]
['thor']----------
37
5c1239215b1663682727b5b333a393cf1fe7ed025c9ab643cb9cfaa9515227ee
suspicious | 1 | - | dropper-v2.exe | 3/7/22 3:54 | 3/7/22 3:54 | Win32 EXE
fb9935eac0da8fe7d6a3ce68b7f5deb0
5c38bd09a256398361aa68acce291faaac2456e7
5c1239215b1663682727b5b333a393cf1fe7ed025c9ab643cb9cfaa9515227ee
78dadbfcdaf1e70777e30ff95b801576
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
38
9c03bd8bdc7cc3ab8455b5ef8f621a6c134b3a511db6b9aadf3353300ef3ea9a
suspicious | 2 | - | dropper-v2.exe | 3/7/22 3:46 | 3/7/22 3:46 | Win32 EXE
f0e86731b67486d74546b67f7fed1dc0
c8ac2d7e1facd1bb7735a54d25d1a8f4a333305c
9c03bd8bdc7cc3ab8455b5ef8f621a6c134b3a511db6b9aadf3353300ef3ea9a
b9b920e962c128f1d39411f3d113ea47
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
39
72c6e353dfd8c22b58f8f51a5afdaf4f60bfc0eac296aa057aeaddc4e4c08308
suspicious | 3 | - | dropper-v2.exe | 3/7/22 3:45 | 3/7/22 3:45 | Win32 EXE
6d94828874a7b412e3091f1569882e56
d81eec6874d688d34c49ac5e2e9b6c05163578f2
72c6e353dfd8c22b58f8f51a5afdaf4f60bfc0eac296aa057aeaddc4e4c08308
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 3, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 05:51:22 GMT', 'total': 69}]
['thor']----------
40
06156e11e9e6d07670de6b2e247a57aa84a1f050ad9d5a0b4071f29ad8103acc
suspicious | 3 | - | dropper-v2.exe | 3/7/22 3:44 | 3/7/22 3:44 | Win32 EXE
9dd2995169dd9786c5423d0f11df8acc
0026e5363792a0cfe43e4ec0bb044121c9cbbbdb
06156e11e9e6d07670de6b2e247a57aa84a1f050ad9d5a0b4071f29ad8103acc
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 3, 'rulename': 'SUSP_PDB_String_Keyword_1_Med', 'tags': ['FILE', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 05:51:22 GMT', 'total': 68}]
['thor']----------
41
064f7feca0f273dd0ee53aa28ad13113a881df8ca4ceab38a32bb80ecc2de699
suspicious | 4
Microsoft: Trojan:Win64/RootkitDrv!MSR / McAfee: Artemis!6773D678404E
3/7/22 3:12 | 3/7/22 3:12 | Win32 EXE
6773d678404e9bb1a5ee327d949d0e54
060e0fcf5b6ad80a19a6b313a3bbea0a15a95c6a
064f7feca0f273dd0ee53aa28ad13113a881df8ca4ceab38a32bb80ecc2de699
999540feead9d9ae9e9289a729425e19
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']
Trojan:Win64/RootkitDrv!MSR
-
Artemis!6773D678404E
-------
42
80e8d33175aaadd4d40f1bc323dc370ea90c5c05ee09cf3f833c45de5e6c98cf
suspicious | 1 | - | new-dropper.exe | 3/7/22 3:02 | 3/7/22 3:02 | Win32 EXE
96e232f65947849e320a9c298b1bc7ec
d967c4f506de490b88929adf06f922f3e54db1e3
80e8d33175aaadd4d40f1bc323dc370ea90c5c05ee09cf3f833c45de5e6c98cf
78dadbfcdaf1e70777e30ff95b801576
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
43
b1efb69178dc258d9caa7bdf4b4faeac9841abf46b21660c18e5d8163f8dcaca
suspicious | 4 | -
b1efb69178dc258d9caa7bdf4b4faeac9841abf46b21660c18e5d8163f8dcaca.sample
3/7/22 2:31 | 3/7/22 2:31 | Win32 EXE
1e350897d2b07f36d02518ee63f13f55
cff941405b63f8e6dd2419965e89ee216fccc425
b1efb69178dc258d9caa7bdf4b4faeac9841abf46b21660c18e5d8163f8dcaca
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
44
1c3a34ed9129c3065316d14dcc22ba4f3d8cabd8f62b59bac36848056251670c
suspicious | 2 | - | d5lpQASSpK.exe | 3/7/22 2:17 | 3/7/22 2:17 | Win32 EXE
1d0aba89fd0f128280af4a098a70ca6e
1dc4c351d7292a15c2e515ac5e2ef1cb8fc2e9d2
1c3a34ed9129c3065316d14dcc22ba4f3d8cabd8f62b59bac36848056251670c
35f168353eb1d238d3a374770beaafc7
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
45
789daafab5b85a1d1038ff484b7acdd14e1a548d0224f3a723b52d2227534d23
suspicious | 3 | - | new-dropper.exe | 3/7/22 1:39 | 3/7/22 1:39 | Win32 EXE
9a646972747009de1d654d0b39905f5b
64fca043e23ae13aeaf94e033c94fa18ca7c8d7c
789daafab5b85a1d1038ff484b7acdd14e1a548d0224f3a723b52d2227534d23
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
46
99f20d8f944d2f03fbe1198e30bd9380b1cf644b8fee1b6d856debfc62585eaf
suspicious | 3 | - | new-dropper.exe | 3/7/22 1:36 | 3/7/22 1:36 | Win32 EXE
f24b438308fd1d9fd2dd193f608702ff
ac59ca5facd4b3b35fb2b8a6c100e4a9e99203c9
99f20d8f944d2f03fbe1198e30bd9380b1cf644b8fee1b6d856debfc62585eaf
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
47
6391ef608f639ec28a52b3063c45f2834fe8dfa668a7ed27ca1b91ec2e771a40
suspicious | 4 | -
6391ef608f639ec28a52b3063c45f2834fe8dfa668a7ed27ca1b91ec2e771a40.sample
3/7/22 1:26 | 3/7/22 1:26 | Win32 EXE
04d63945de33984758b4941fb0152c49
24886fc93ad70b76993f93577222a5d356458a16
6391ef608f639ec28a52b3063c45f2834fe8dfa668a7ed27ca1b91ec2e771a40
1600fc5ed46d2512bc55d80ccd0bdc7f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
48
4880fe56c299754f37bebe214fe49b803a9c4b4c74b79b261f72c20980ccd12f
suspicious | 1 | - | new-dropper.exe | 3/7/22 1:22 | 3/7/22 1:22 | Win32 EXE
6eeb84f8766f4afa7d0751c1ed379580
806de96ef89ea05f571ec58bca3f244951f0e95a
4880fe56c299754f37bebe214fe49b803a9c4b4c74b79b261f72c20980ccd12f
78dadbfcdaf1e70777e30ff95b801576
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 03:29:09 GMT', 'total': 69}]
['thor']----------
49
9942e5320b02e30e0e311f55343f6370a109ba9876ade08bcfba5cdd6fbd3ea9
suspicious | 2 | - | new-dropper.exe | 3/7/22 1:21 | 3/7/22 1:21 | Win32 EXE
86528f18ebd46d1e7588f4d50503136f
a9fafae07e1c0102268e8e35b7b5d5639aeccebe
9942e5320b02e30e0e311f55343f6370a109ba9876ade08bcfba5cdd6fbd3ea9
1312003701d7413c5b7d1a61b308b3de
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
50
63375143a19c7c4d57f5a1e14664b87b515c8067046d96b16b1ece4708ceb7e4
clean | 0 | - | new-dropper.exe | 3/7/22 1:19 | 3/7/22 1:19 | Win32 EXE
78febe039aca9a238b87e82757abe7f8
fde2e2bca69132e710c62b4597ef350d80e42f64
63375143a19c7c4d57f5a1e14664b87b515c8067046d96b16b1ece4708ceb7e4
125be1fa11a8ec0815af3f9ff13f7a5e
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
51
5e1ff7ae123131cc9ff1311bbf1e2fdc85672e74f7a6dd8fa42a901f75d33f71
suspicious | 1 | - | new-dropper.exe | 3/7/22 1:18 | 3/7/22 1:18 | Win32 EXE
9c107d1d8315a742f6d65da3fdca9988
4e1f1adcc8d8e6553b74b023cb432a0d852cb4ca
5e1ff7ae123131cc9ff1311bbf1e2fdc85672e74f7a6dd8fa42a901f75d33f71
4c7d26d08cd81525f4159e2edb1361ec
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
52
feca6686e8c5438ed0b3e1885eba3c2638d8efdfaf01421954d70f8acca4bcc7
suspicious | 1 | - | new-dropper.exe | 3/7/22 1:17 | 3/7/22 1:17 | Win32 EXE
3d4a46c098b9a75a5967586701e4e139
562feb9bf632f8267e5515c157a0bc5cbc2dedfc
feca6686e8c5438ed0b3e1885eba3c2638d8efdfaf01421954d70f8acca4bcc7
78dadbfcdaf1e70777e30ff95b801576
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 03:23:46 GMT', 'total': 69}]
['thor']----------
53
d7f66d9fde9804a6aba52f43e0496dd4b79c60c07a605855d04a151c964f5e89
suspicious | 1 | - | new-dropper.exe | 3/7/22 1:11 | 3/7/22 1:11 | Win32 EXE
109abee33c4cbbfcae4a821062aa7d9a
bf215d34bcbabfb83a054f34ca0b77491a9b41f2
d7f66d9fde9804a6aba52f43e0496dd4b79c60c07a605855d04a151c964f5e89
6a50eba057d816b6a1e744fd57bd754e
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
54
ae73f41385412f7067c983779695b8ae0e6dbd115eda86f0ebab0a4eebb0b6c2
malicious | 16
Microsoft: Trojan:Win32/Sabsik.FL.B!ml / McAfee: Artemis!A245FD98E41F / ESET-NOD32: a variant of Win64/Packed.Themida.KX / GData: Win64.Trojan.Agent.7JYEEQ
EnfusionLoader.exe | 3/7/22 1:11 | 3/7/22 1:11 | Win32 EXE
a245fd98e41fea0c4d5aab9b81692562
8cb789ded7aff307dfdead1188b385b3616eb248
ae73f41385412f7067c983779695b8ae0e6dbd115eda86f0ebab0a4eebb0b6c2
6c2a6f411d52e0bf6d29316089122d7d
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 10, 'rulename': 'SUSP_Protector_Themida_Packed_Samples_Mar21_1', 'tags': ['FILE', 'T1045', 'EXE', 'SUSP'], 'timestamp': 'Mon, 07 Mar 2022 03:18:06 GMT', 'total': 69}]
['thor']
Trojan:Win32/Sabsik.FL.B!ml
-
Artemis!A245FD98E41F
--
a variant of Win64/Packed.Themida.KX
---
Win64.Trojan.Agent.7JYEEQ
55
3a871d3c8189bab532b60f669a70882bc266b94552bc423349675c4b154f4a8b
suspicious | 1 | - | new-dropper.exe | 3/7/22 1:10 | 3/7/22 1:10 | Win32 EXE
dec0a7dedb470b177ea6e7e0463c099b
6faf49ab963460a39bcf79837e777a4cdec1f415
3a871d3c8189bab532b60f669a70882bc266b94552bc423349675c4b154f4a8b
a794537746917f230c221a5b5f481df8
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
56
8845f667640138203e7cca5b8eceee3db249f796ad2d27c2d47c01c10155aaec
suspicious | 1 | - | new-dropper.exe | 3/7/22 0:33 | 3/7/22 0:33 | Win32 EXE
252f3b742f7517874a156fce8092f2ef
196ba54ceffab10cb7dbdf883c5cedcd4658cf75
8845f667640138203e7cca5b8eceee3db249f796ad2d27c2d47c01c10155aaec
78dadbfcdaf1e70777e30ff95b801576
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:40:11 GMT', 'total': 68}]
['thor']----------
57
3f525252462f335576f1af8b8f18accd82263cea7de09153ae554fa5e3f2969b
suspicious | 1 | - | new-dropper.exe | 3/7/22 0:32 | 3/7/22 0:32 | Win32 EXE
28e10dabbdc0e39d3ca93613c4a8cedb
2859aaa25554e147f9ded8b9f379f9c23af21992
3f525252462f335576f1af8b8f18accd82263cea7de09153ae554fa5e3f2969b
78dadbfcdaf1e70777e30ff95b801576
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:39:08 GMT', 'total': 68}]
['thor']----------
58
a9bf82507a849f7d1faea6773965970e263c532cd3d0da2795c68b33fb7c57de
suspicious | 2 | - | new-dropper.exe | 3/7/22 0:23 | 3/7/22 0:23 | Win32 EXE
853aa83e547d591c34ab1c266b0f0239
5dba55a1ce3b204c6c31d0645815899ba2af78b5
a9bf82507a849f7d1faea6773965970e263c532cd3d0da2795c68b33fb7c57de
b85e5ebbb483258cc85969909d04f49b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:29:06 GMT', 'total': 68}]
['thor']----------
59
c938421f625927269a60efbbb697f0a9871ff13f5677fd2c2b133d0dec639d7d
suspicious | 2 | - | new-dropper.exe | 3/7/22 0:20 | 3/7/22 0:20 | Win32 EXE
742042616341e2f6e5aa5e503e33a844
363ac5ff71875451c544b566988fe8aaf79019eb
c938421f625927269a60efbbb697f0a9871ff13f5677fd2c2b133d0dec639d7d
b85e5ebbb483258cc85969909d04f49b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:25:54 GMT', 'total': 68}]
['thor']----------
60
3d3fa2cbeda66cfbefb9f38007eb35a8c13acc9e2feed5e98c66b4eb987c4822
suspicious1-new-dropper.exe3/7/22 0:193/7/22 0:19Win32 EXE
fd54cddc9aebc9bdc912e248a11b1e7a
30cf7b12ab005fa41942efec8b655b140e668ce1
3d3fa2cbeda66cfbefb9f38007eb35a8c13acc9e2feed5e98c66b4eb987c4822
b44497ccc6f7c79e66e40afca3d30696
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:25:55 GMT', 'total': 69}]
['thor']----------
61
d667e250aa26fd86110bcf6c44a8d897bae69a2bb26da9de5920bcc90de3579c
suspicious1-new-dropper.exe3/7/22 0:183/7/22 0:18Win32 EXE
bf2a68203af83e916cb9996c73794a31
c6f8f021757cc17e8681d28b3cef9a46b38874b4
d667e250aa26fd86110bcf6c44a8d897bae69a2bb26da9de5920bcc90de3579c
4c7d26d08cd81525f4159e2edb1361ec
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:24:36 GMT', 'total': 69}]
['thor']----------
62
8f372cff7fefc38c06cf2c3b02996211ee3bf2a623d0f17103f2f0951f80be19
suspicious1-new-dropper.exe3/7/22 0:173/7/22 0:17Win32 EXE
80ad6c1724bae12198102572ec13273a
a72164e6bfb7fd8e23fc3c6c28ae129d71866cf1
8f372cff7fefc38c06cf2c3b02996211ee3bf2a623d0f17103f2f0951f80be19
4c7d26d08cd81525f4159e2edb1361ec
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
63
5150fd1d2fb2334f036c9b5b8cc00339706815d5eb811849c263873388a879b3
suspicious2-new-dropper.exe3/7/22 0:153/7/22 0:15Win32 EXE
27b0f3eb28656657e48a64cdbe12fee1
719d5feecd85fd84c1cc1ab252afec953452a7bd
5150fd1d2fb2334f036c9b5b8cc00339706815d5eb811849c263873388a879b3
b85e5ebbb483258cc85969909d04f49b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:22:02 GMT', 'total': 69}]
['thor']----------
64
f37e6bfeb905399493274707a3e244922649617115d20ab0a61999a452469df5
suspicious4-new-dropper.exe3/7/22 0:133/7/22 0:13Win32 EXE
f9fab3ded5d5f44f87411a2adf9b0f16
30ab591592d02d7ada3b94c3820ff320c1f343e8
f37e6bfeb905399493274707a3e244922649617115d20ab0a61999a452469df5
b85e5ebbb483258cc85969909d04f49b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 4, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:19:42 GMT', 'total': 69}]
['thor']----------
65
51b010d8dc63626f4edb917fc6e0e653f83ed75ab305b67e821a0ad69ea230d7
suspicious4-new-dropper.exe3/7/22 0:103/7/22 0:10Win32 EXE
01bb67548dbbf6227e1fad8170ef4825
3959f0462090d27354b2fed939b09ded26c76696
51b010d8dc63626f4edb917fc6e0e653f83ed75ab305b67e821a0ad69ea230d7
f6a2ee773de96eaf82780b497d00899f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 4, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:17:32 GMT', 'total': 68}]
['thor']----------
66
20c498e0155da1d417b73b85e74df176271f1aabdc5a40a4e10cab7f9683c4b9
suspicious4-new-dropper.exe3/7/22 0:083/7/22 0:08Win32 EXE
8461a4a8a97483b4c5821d13460fda19
5f43a6871bc91c3961bb57eae599fce3ef838d00
20c498e0155da1d417b73b85e74df176271f1aabdc5a40a4e10cab7f9683c4b9
f6a2ee773de96eaf82780b497d00899f
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 4, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 02:15:05 GMT', 'total': 69}]
['thor']----------
67
76e56f9e605ca42c5d4e7b600739db938a3c1225fa2ba91b5913166b48af91ef
suspicious2-dropper-sample.exe3/6/22 23:303/6/22 23:30Win32 EXE
fea083501907ca649fef26d5aa44a533
7519ae8d01be4b26e64799e3206700f5f187ead6
76e56f9e605ca42c5d4e7b600739db938a3c1225fa2ba91b5913166b48af91ef
3f950c4449b0ed218370bafff56c8715
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
68
d5dac04dd31d41424936ae46e457e91b2b0474f68228972caf86ae942d73ed83
clean0-dropper-sample.exe3/6/22 23:283/6/22 23:28Win32 EXE
3e7e45cbacac7994232dc37b65fad1b2
c817f7deb668e31d0cc85dbdedf5f6fa5ea1d0f3
d5dac04dd31d41424936ae46e457e91b2b0474f68228972caf86ae942d73ed83
125be1fa11a8ec0815af3f9ff13f7a5e
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
69
54ed5a7092bbd2fc0878919eae0393226a424ef71c7128b6233f61d5c462c407
suspicious2-dropper-sample.exe3/6/22 23:273/6/22 23:27Win32 EXE
4bd0da68ae035e5d91b3a9961d8f8a83
0631b9b70828038194cd1658f7d79f73af6c5cca
54ed5a7092bbd2fc0878919eae0393226a424ef71c7128b6233f61d5c462c407
cb6c15d609eefedfec91d141bdf6ee8e
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 19:48:57 GMT', 'total': 67}]
['thor']----------
70
8f08a1d5a8a8bf79e909ee854f991ec58d39419bd40ed9cb4f906eee57f7130d
suspicious1-dropper-sample.exe3/6/22 23:253/6/22 23:25Win32 EXE
28d29c49ef05cc1e28f6be8551817631
f6ff7c537718f9dbcbb04c0b127b3e62ba2bdfe9
8f08a1d5a8a8bf79e909ee854f991ec58d39419bd40ed9cb4f906eee57f7130d
cb6c15d609eefedfec91d141bdf6ee8e
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
71
6f1c577f5c1babb1af7531de78725e56b8ad327fbe239de6be3f3021e74e0925
suspicious1-dropper-sample.exe3/6/22 23:233/6/22 23:23Win32 EXE
56f4ccd0e41b266660a4fe57c17492ad
3486fa46061689feb393aae942c119778de3529b
6f1c577f5c1babb1af7531de78725e56b8ad327fbe239de6be3f3021e74e0925
c7761aafbb5efdcff6b08ee4c0d32596
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
72
bf26fb4d54b2eeec9cfc4b2380d6c8332be086d6b70141d6b7fddab84488127b
suspicious1-dropper-sample.exe3/6/22 23:193/6/22 23:19Win32 EXE
bea5149b3474d97fce2a8e2ccfebf538
04a15d21869e63e9dc090d522ea3de05fafb4104
bf26fb4d54b2eeec9cfc4b2380d6c8332be086d6b70141d6b7fddab84488127b
c7761aafbb5efdcff6b08ee4c0d32596
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 1, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Mon, 07 Mar 2022 01:24:55 GMT', 'total': 69}]
['thor']----------
73
63480567ae0e726c296eea1ce67bf954bbef26e4d240be3be399d50249fa496d
suspicious2-dropper-sample.exe3/6/22 14:413/6/22 14:41Win32 EXE
521ceeb7f28d79041f7a40211b9d449b
4a2deb334844248fedf1096e5c60403d3c051e68
63480567ae0e726c296eea1ce67bf954bbef26e4d240be3be399d50249fa496d
b5f8f4a6b47a82e2a044a75c2864f138
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 2, 'rulename': 'MAL_EncryptedShellcode_Samples_Apr20_1', 'tags': ['MAL', 'EXE'], 'timestamp': 'Sun, 06 Mar 2022 16:47:41 GMT', 'total': 69}]
['thor']----------
74
fc33d0b16986f5db371061041fb8020336f8acb140b2b78109d2499ddcbfecbf
suspicious6-NvidiaDriverSigner.exe3/6/22 13:303/6/22 13:30Win32 EXE
9a6855e90788a87ae5011e6a49c03c97
0ec0ac816046165280f7421680d2c6512ecb0082
fc33d0b16986f5db371061041fb8020336f8acb140b2b78109d2499ddcbfecbf
a6c23bca995ca4e105194bdf3f44c81b
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']----------
75
5c80e45555802a0074492df26555a438fae50eae55c781dce56fd2dea41d811c
suspicious5GData: Trojan.Agent.FTXF<NTLCIPHER>, Cipher.exe, <Aditor>3/6/22 12:593/6/22 12:59Win32 EXE
5cde8d972457f64972076ac3aedb4f5b
7987de800dde487b1678ae53eb0898fe77fbc1d5
5c80e45555802a0074492df26555a438fae50eae55c781dce56fd2dea41d811c
f76646f909b5f3ed2034db9971344fd4
FALSEFALSEFALSEFALSEFALSEFALSE
Internet Widgits Pty Ltd
FALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']---------
Trojan.Agent.FTXF
76
54b4caff62886937e507d84e15a909386e54197eba93fa092fd4da72e2c4fab0
malicious14
Microsoft: Trojan:Win32/Tnega!ml / Kaspersky: Trojan.Win32.Agent.xaobea / McAfee: Artemis!F6C28C8FB453
gay.exe3/5/22 12:123/5/22 12:12Win32 EXE
f6c28c8fb453d17c857dc5cb3e4db3e2
a0baf434ea5fca14c4700cf46054b5eef4569871
54b4caff62886937e507d84e15a909386e54197eba93fa092fd4da72e2c4fab0
baf494ac0e2fbcd11ec1cb38d2429bec
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']
Trojan:Win32/Tnega!ml
Trojan.Win32.Agent.xaobea
Artemis!F6C28C8FB453
-------
77
297b0daab65fb2846095ef82eca7bd5b34b9c759fa58b76c8777a4f6789abdc3
suspicious6ESET-NOD32: a variant of Win32/Packed.VMProtect.ACRnvraid[1].sys3/5/22 0:083/5/22 0:08Win32 EXE
237dc13ec8ff0fdaaea67d4f43645908
3b6f650b1b58f48858f7970711868c35052e5480
297b0daab65fb2846095ef82eca7bd5b34b9c759fa58b76c8777a4f6789abdc3
cbe23b8ff442b13208c766e0a00aa464
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']-----
a variant of Win32/Packed.VMProtect.ACR
----
78
a0aa66f6639e2b54a908115571c85285598845d3e52888fe27c6b35f6900fe56
malicious48
Microsoft: Backdoor:MSIL/Bladabindi.B / Kaspersky: HEUR:Trojan.Win32.Generic / McAfee: Trojan-FIGN / CrowdStrike: win/malicious_confidence_100% (W) / TrendMicro: BKDR_BLADABI.SMC / ESET-NOD32: a variant of MSIL/Bladabindi.AR / GData: MSIL.Trojan-Spy.Bladabindi.BQ
ks8auf9g5.dll, PDF.exe, server.exe, a0aa66f6639e2b54a908115571c85285598845d3e52888fe27c6b35f6900fe56.sample
3/4/22 16:263/4/22 17:28Win32 EXE
82366db26b8208d923f478090873daa3
7d75f820d51ee19c56efa9f0bb9ca025fee0cc0b
a0aa66f6639e2b54a908115571c85285598845d3e52888fe27c6b35f6900fe56
f34d5f2d4577ed6d9ceec516c1f5a744
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 45, 'rulename': 'NJRAT_Gen_Apr17', 'tags': ['T1047', 'EXE', 'FILE', 'T1053', 'HKTL', 'GEN'], 'timestamp': 'Fri, 04 Mar 2022 18:33:59 GMT', 'total': 69}, {'positives': 45, 'rulename': 'NJRAT_Jul17_1A', 'tags': ['FILE', 'MAL', 'T1089', 'EXE'], 'timestamp': 'Fri, 04 Mar 2022 18:34:01 GMT', 'total': 69}, {'positives': 45, 'rulename': 'Malware_QA_NovA_1', 'tags': ['FILE', 'MAL', 'EXE'], 'timestamp': 'Fri, 04 Mar 2022 18:34:01 GMT', 'total': 69}, {'positives': 45, 'rulename': 'MAL_Balabindi_May19_1', 'tags': ['FILE', 'MAL', 'EXE'], 'timestamp': 'Fri, 04 Mar 2022 18:34:01 GMT', 'total': 69}]
['thor', 'thor', 'thor', 'thor']
Backdoor:MSIL/Bladabindi.B
HEUR:Trojan.Win32.Generic
Trojan-FIGN
win/malicious_confidence_100% (W)
BKDR_BLADABI.SMC
a variant of MSIL/Bladabindi.AR
---
MSIL.Trojan-Spy.Bladabindi.BQ
79
16f7b8fec96e0fd2a3ccdfe4dc090665bce1fadb956c478a5f2b9fc24513738b
clean0-driver.sys3/4/22 15:043/4/22 15:04Win32 EXE
d961d2e605b85f19f007e95138e5cc8b
9dd93298ff7dc4d9bd592587b2b506ac83b220ee
16f7b8fec96e0fd2a3ccdfe4dc090665bce1fadb956c478a5f2b9fc24513738b
a7f039eec35ab460140e0a9ddf36c423
FALSEFALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSEFALSEFALSE
[{'positives': 0, 'rulename': 'SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1', 'tags': [], 'timestamp': 'Mon, 07 Mar 2022 19:46:49 GMT', 'total': 68}]
['thor']----------
80
00cb4ba80f7976196a026bee77642020f6384bc61fa7358580431a1c980bec54
malicious16
Microsoft: Trojan:Win32/Sabsik.TE.B!ml / Kaspersky: UDS:HackTool.Win64.KernelDrUtil.gen / McAfee: Artemis!7D4CD357DBBC / CrowdStrike: win/malicious_confidence_100% (W) / ESET-NOD32: a variant of Win64/TrojanDropper.Agent.DO
FULL_SIGNED_DECEIT.exe3/3/22 11:203/3/22 11:20Win32 EXE
7d4cd357dbbc85b0d15d432862cf8ac9
c646501127c7ed4e109e6c2b3be0cec9d8574987
00cb4ba80f7976196a026bee77642020f6384bc61fa7358580431a1c980bec54
695d0f9d145018582cc321c496e26838
-FALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSE-FALSE
[{'positives': 8, 'rulename': 'SUSP_HKTL_Hacktool_Strings_Oct21_1', 'tags': ['HKTL', 'SUSP'], 'timestamp': 'Thu, 03 Mar 2022 13:26:39 GMT', 'total': 71}, {'positives': 8, 'rulename': 'HKTL_KernelDriverUtility_Aug21_1', 'tags': ['HKTL'], 'timestamp': 'Thu, 03 Mar 2022 13:26:39 GMT', 'total': 71}, {'positives': 8, 'rulename': 'HKTL_Injection_ShellCode_Keywords', 'tags': ['HKTL'], 'timestamp': 'Thu, 03 Mar 2022 13:26:39 GMT', 'total': 71}, {'positives': 8, 'rulename': 'HKTL_InfinityHook_Jul21_1', 'tags': ['EXE', 'HKTL'], 'timestamp': 'Thu, 03 Mar 2022 13:26:39 GMT', 'total': 71}, {'positives': 8, 'rulename': 'HKTL_GhostInTheLogs_Aug21_1', 'tags': ['T1562_002', 'HKTL'], 'timestamp': 'Thu, 03 Mar 2022 13:26:40 GMT', 'total': 71}]
['thor', 'thor', 'thor', 'thor', 'thor']
Trojan:Win32/Sabsik.TE.B!ml
UDS:HackTool.Win64.KernelDrUtil.gen
Artemis!7D4CD357DBBC
win/malicious_confidence_100% (W)
-
a variant of Win64/TrojanDropper.Agent.DO
----
81
1dffc48a3de79c19c5da0cb60a0f076adae8444869f5b0787a470c6d54e446cd
clean0-Injector.exe3/2/22 10:373/2/22 10:37Win32 EXE
084f38ffc6387509b8bf58e9dbcdc85a
3d155a288c3e7ca13124dc254ef066ae93d4cc44
1dffc48a3de79c19c5da0cb60a0f076adae8444869f5b0787a470c6d54e446cd
6df8f93709bc23e1ff5c0bb1db7e3303
-FALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSE-FALSE
[{'positives': 0, 'rulename': 'Generic_Strings_Hacktools', 'tags': ['GEN', 'FILE', 'EXE', 'HKTL'], 'timestamp': 'Wed, 02 Mar 2022 12:44:17 GMT', 'total': 71}]
['thor']----------
82
0210a766da3e6d0cecbf166437a254c8ad6b380b077355a027fd0b7e3c2ccc9f
malicious17
Microsoft: Trojan:Win32/Sabsik.TE.B!ml / McAfee: Artemis!EE9554DFB03B / ESET-NOD32: a variant of Win64/TrojanDropper.Agent.DO
Unversal.exe3/2/22 3:483/2/22 3:48Win32 EXE
ee9554dfb03b3beb7103f4c0429a1c45
14d751e0f3abe7ee56b71ead38a848968026fba0
0210a766da3e6d0cecbf166437a254c8ad6b380b077355a027fd0b7e3c2ccc9f
695d0f9d145018582cc321c496e26838
-FALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSE-FALSE
[{'positives': 11, 'rulename': 'HKTL_GhostInTheLogs_Aug21_1', 'tags': ['T1562_002', 'HKTL'], 'timestamp': 'Wed, 02 Mar 2022 05:54:47 GMT', 'total': 72}, {'positives': 11, 'rulename': 'HKTL_KernelDriverUtility_Aug21_1', 'tags': ['HKTL'], 'timestamp': 'Wed, 02 Mar 2022 05:54:47 GMT', 'total': 72}, {'positives': 11, 'rulename': 'HKTL_InfinityHook_Jul21_1', 'tags': ['EXE', 'HKTL'], 'timestamp': 'Wed, 02 Mar 2022 05:54:47 GMT', 'total': 72}, {'positives': 11, 'rulename': 'SUSP_HKTL_Hacktool_Strings_Oct21_1', 'tags': ['HKTL', 'SUSP'], 'timestamp': 'Wed, 02 Mar 2022 05:54:47 GMT', 'total': 72}, {'positives': 11, 'rulename': 'HKTL_Injection_ShellCode_Keywords', 'tags': ['HKTL'], 'timestamp': 'Wed, 02 Mar 2022 05:54:47 GMT', 'total': 72}]
['intezer_analyze', 'thor', 'thor', 'thor', 'thor', 'thor']
Trojan:Win32/Sabsik.TE.B!ml
-
Artemis!EE9554DFB03B
--
a variant of Win64/TrojanDropper.Agent.DO
----
83
26683864b9c90e43de444ca09d5b2806c26dd9402c2010d0799f1963fd584c23
malicious19
Microsoft: Trojan:Win32/Sabsik.TE.B!ml / Kaspersky: UDS:HackTool.Win64.KernelDrUtil.gen / McAfee: Artemis!378F73A637D8 / ESET-NOD32: a variant of Win64/TrojanDropper.Agent.DO / GData: Win64.Trojan.Agent.W036OG
face.exe3/2/22 1:253/2/22 1:25Win32 EXE
378f73a637d817b4cdd54117454e1f86
b79cc30b4d7ab5de33829187b9a5a02921c0a08e
26683864b9c90e43de444ca09d5b2806c26dd9402c2010d0799f1963fd584c23
695d0f9d145018582cc321c496e26838
-FALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignTRUEFALSEFALSEFALSEFALSE-FALSE
[{'positives': 11, 'rulename': 'HKTL_InfinityHook_Jul21_1', 'tags': ['EXE', 'HKTL'], 'timestamp': 'Wed, 02 Mar 2022 03:32:20 GMT', 'total': 71}, {'positives': 11, 'rulename': 'HKTL_GhostInTheLogs_Aug21_1', 'tags': ['T1562_002', 'HKTL'], 'timestamp': 'Wed, 02 Mar 2022 03:32:22 GMT', 'total': 71}, {'positives': 11, 'rulename': 'HKTL_KernelDriverUtility_Aug21_1', 'tags': ['HKTL'], 'timestamp': 'Wed, 02 Mar 2022 03:32:22 GMT', 'total': 71}, {'positives': 11, 'rulename': 'SUSP_HKTL_Hacktool_Strings_Oct21_1', 'tags': ['HKTL', 'SUSP'], 'timestamp': 'Wed, 02 Mar 2022 03:32:22 GMT', 'total': 71}, {'positives': 11, 'rulename': 'HKTL_Injection_ShellCode_Keywords', 'tags': ['HKTL'], 'timestamp': 'Wed, 02 Mar 2022 03:32:22 GMT', 'total': 71}]
['thor', 'thor', 'thor', 'thor', 'thor']
Trojan:Win32/Sabsik.TE.B!ml
UDS:HackTool.Win64.KernelDrUtil.gen
Artemis!378F73A637D8
--
a variant of Win64/TrojanDropper.Agent.DO
---
Win64.Trojan.Agent.W036OG
84
07ffa010ee48af8671fe74245bdfb54d9267aef748d9dc1fc8ca8df4966b871a
suspicious2-CosExampleDriver.sys3/1/22 19:523/1/22 19:52Win32 EXE
0a8ec56e7131dccb30845dfcec2b2d71
bf9835bd0bcfbd49a100362bafbd530fa58475cf
07ffa010ee48af8671fe74245bdfb54d9267aef748d9dc1fc8ca8df4966b871a
a3e5458508b19ec723b3c306287a3eea
-FALSEFALSEFALSEFALSEFALSE
NVIDIA Corporation
VeriSign Class 3 Code Signing 2010 CA
VeriSignFALSEFALSEFALSEFALSEFALSE-FALSE[]['-']----------
85
415f418064c64aef6be7d26ad79260a36f38d52322d7a382b7afc3f9212993c7
suspicious2CrowdStrike: win/malicious_confidence_90% (W)file#293773.scr9/11/21 14:319/11/21 14:31Win32 DLL
6484ce306a5fcbbb0e37b6ea41520536
d95649b046bf8330bcc8d78503d3660a3e07faa0
415f418064c64aef6be7d26ad79260a36f38d52322d7a382b7afc3f9212993c7
-FALSEFALSEFALSEFALSEFALSEFALSE-FALSEFALSEFALSEFALSEFALSEFALSEFALSE[]['-']---
win/malicious_confidence_90% (W)
------