MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Blackmoon


Vendor detections: 17


Intelligence 17 IOCs YARA 12 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
SHA3-384 hash: d43f7baebea6f4f0bb4f2e1cee6d76028d1b071ff8f6ccc558bf06b67834d56d9c3aafbc0df7ba1f09c69dc9e0348cc6
SHA1 hash: 32e883771883ba44715180e92a20c80638c5c78f
MD5 hash: 2311a69113104a760d785a79f45bab74
humanhash: december-tennessee-ceiling-eleven
File name:exe3.bin.bak
Download: download sample
Signature Blackmoon
Create hunting rule
File size:3'350'528 bytes
First seen:2024-07-06 12:09:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 30f2d038f1b85739a09af1775d3a9aeb (1 x Blackmoon, 1 x Gh0stRAT)
ssdeep 98304:+5cZe7uQ3mmGOBUv/np/MobFO62BLNBtq7clfJrmf2Yy7:+5t7uwB6f1Vv2BRBSc3Set
TLSH T1AEF533570BF9ACA7F075E9753804EBD6094E583304FE22B88A67C9E5193BE434F99603
TrID 41.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
25.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
10.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE):PE icon
dhash icon 035d94aaecdddb23 (1 x Blackmoon, 1 x Gh0stRAT)
Reporter Reedus0
Tags:32 Blackmoon exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
350
Origin country :
RU RU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AutotaskMSOutlookExtension.msi
Verdict:
Suspicious activity
Analysis date:
2024-07-01 15:06:00 UTC
Tags:
generated-doc
Link:
https://app.any.run/tasks/9b41b6f5-34e2-49df-9662-6240897f796c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Trojan.Ascii_110_76_151_2-1
Create hunting rule

Win.Tool.Shadowbrokers-9775051-0
Create hunting rule

Win.Tool.Shadowbrokers-9800457-0
Create hunting rule

Win.Dropper.Tiggre-9845940-0
Create hunting rule

Win.Exploit.Ulise-9853106-0
Create hunting rule

Win.Trojan.Generic-9858245-0
Create hunting rule

Win.Trojan.Emotet-9858246-0
Create hunting rule

Win.Malware.Shadowbrokers-9885806-0
Create hunting rule

Win.Malware.Cxcd-9888060-0
Create hunting rule

Win.Malware.Cxcd-9888201-0
Create hunting rule

Win.Malware.Cxcd-9888693-0
Create hunting rule

Win.Malware.Shadowbrokers-9919377-0
Create hunting rule

Win.Tool.Shadowbrokers-9943477-0
Create hunting rule

Win.Tool.Shadowbrokers-9943479-0
Create hunting rule

Win.Tool.Shadowbrokers-10026173-0
Create hunting rule

Win.Exploit.EternalBlue-6320312-0
Create hunting rule

Win.Exploit.Eternal-6320394-0
Create hunting rule

Win.Exploit.EQGRP-6322722-0
Create hunting rule

Win.Exploit.Doublepulsar-7427328-0
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=668935db3b2ddaaafa498e4awin10vpnfull_triage
Tags:
Network Static Stealth Variant
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Creating a file
DNS request
Connection attempt
Sending an HTTP GET request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
equationdrug flystudio graftor lolbin masquerade microsoft_visual_cc packed packed packed shell32 upx
Link:
https://www.filescan.io/uploads/6689341e910ce98966fbee10/reports/2d8a6cdf-be65-48a8-97a9-20101f2b8c18/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
FuzzBunch
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0ba9dfa4-d982-48d1-bb8d-b90dffa98540
Result
Threat name:
BlackMoon, DoublePulsar, ETERNALBLUE
Create hunting rule
Detection:
malicious
Classification:
rans.troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1468523
Signature
AI detected suspicious sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Connects to many different private IPs (likely to spread or exploit)
Connects to many different private IPs via SMB (likely to spread or exploit)
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses dynamic DNS services
Yara detected BlackMoon Ransomware
Yara detected DoublePulsar
Yara detected ETERNALBLUE
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2024-06-10 15:12:52 UTC
File Type:
PE (Exe)
Extracted files:
101
AV detection:
29 of 38 (76.32%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6kxtdn2l7ylerogants3hbu6qhhizkx6jitf4ad26qbwv42erltq._file
Verdict:
unknown
Result
Malware family:
gh0strat
Create hunting rule
Score:
  10/10
Tags:
family:blackmoon family:gh0strat banker discovery persistence privilege_escalation rat trojan upx
Link:
https://tria.ge/reports/240706-pb1wys1bjh/
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Event Triggered Execution: Netsh Helper DLL
Drops file in Windows directory
Drops file in System32 directory
Executes dropped EXE
Loads dropped DLL
UPX packed file
Unexpected DNS network traffic destination
Boot or Logon Autostart Execution: Port Monitors
Downloads MZ/PE file
Creates a large amount of network flows
Blackmoon, KrBanker
Detect Blackmoon payload
Gh0st RAT payload
Gh0strat
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/df580902-ab63-4860-ba00-0b700e7af67e
Unpacked files
SH256 hash:
e145ac6a651c72bb03e5c6d0a6ae337de6267a32c874c92c0d31fbd46d28e137
MD5 hash:
ee7b4efe98eb1fac28a8bcb68c5e6d5c
SHA1 hash:
6a930a36fe1f06302a505ae1a281280fcc18be24
Detections:
BlackmoonBanker
Create hunting rule
win_doublepulsar_w0
Create hunting rule
MALWARE_Win_BlackMoon
Create hunting rule
INDICATOR_TOOL_EXP_EternalBlue
Create hunting rule
Regin_Related_Malware
Create hunting rule
EquationGroup_Toolset_Apr17_Eternalromance
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
5bec6b3bc6f8cbda50a8c5195a488cc82d2e00f18ec75640db31b2376a6db9f9
MD5 hash:
5b6a804db0c5733d331eb126048ca73b
SHA1 hash:
f18c5acae63457ad26565d663467fa5a7fbfbee4
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
aa8adf96fc5a7e249a6a487faaf0ed3e00c40259fdae11d4caf47a24a9d3aaed
MD5 hash:
e4ad4df4e41240587b4fe8bbcb32db15
SHA1 hash:
e8c98dbcd20d45bbbbf4994cc4c95dfcf504c690
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
b7d8fcc3fb533e5e0069e00bc5a68551479e54a990bb1b658e1bd092c0507d68
MD5 hash:
5b72ccfa122e403919a613785779af49
SHA1 hash:
f560ea0a109772be2b62c539b0bb67c46279abd1
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
f247a48d3ecdbdf91fcd7a2d8728adaaf06149586adde62de7212c6de645ad58
MD5 hash:
cc55779eab28eb65877eec251b731d5b
SHA1 hash:
ae4ea94dd7a0acdcc358a09ab5e2b1847994ad91
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
f0df80978b3a563077def7ba919e2f49e5883d24176e6b3371a8eef1efe2b06a
MD5 hash:
6b7276e4aa7a1e50735d2f6923b40de4
SHA1 hash:
db8603ac6cac7eb3690f67af7b8d081aa9ce3075
Detections:
win_darkpulsar_auto
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
b2a3172a1d676f00a62df376d8da805714553bb3221a8426f9823a8a5887daaa
MD5 hash:
3e89c56056e5525bf4d9e52b28fbbca7
SHA1 hash:
08f93ab25190a44c4e29bee5e8aacecc90dab80c
Detections:
win_darkpulsar_auto
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
7d17ba41ab2d4cd013658e2d46d40ead827b2b33be55f038fad1fc188f08ef7a
SH256 hash:
0259d41720f7084716a3b2bbe34ac6d3021224420f81a4e839b0b3401e5ef29f
MD5 hash:
838ceb02081ac27de43da56bec20fc76
SHA1 hash:
972ab587cdb63c8263eb977f10977fd7d27ecf7b
Detections:
win_darkpulsar_auto
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
ca63dbb99d9da431bf23aca80dc787df67bb01104fb9358a7813ed2fce479362
MD5 hash:
f0881d5a7f75389deba3eff3f4df09ac
SHA1 hash:
8404f2776fa8f7f8eaffb7a1859c19b0817b147a
Detections:
win_darkpulsar_auto
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
be8eb97d8171b8c91c6bc420346f7a6d2d2f76809a667ade03c990feffadaad5
MD5 hash:
5e8ecdc3e70e2ecb0893cbda2c18906f
SHA1 hash:
43f92d0e47b1371c0442c6cc8af3685c2119f82c
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
aceb27720115a63b9d47e737fd878a61c52435ea4ec86ba8e58ee744bc85c4f3
MD5 hash:
9a5cec05e9c158cbc51cdc972693363d
SHA1 hash:
ca4d1bb44c64a85871944f3913ca6ccddfa2dc04
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee
MD5 hash:
f01f09fe90d0f810c44dce4e94785227
SHA1 hash:
036f327417b7e1c6e0b91831440992972bc7802e
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
MD5 hash:
4420f8917dc320a78d2ef14136032f69
SHA1 hash:
06cd886586835b2bf0d25fba4c898b69e362ba6d
Detections:
win_doublepulsar_w0
Create hunting rule
INDICATOR_TOOL_EXP_EternalBlue
Create hunting rule
EquationGroup_Toolset_Apr17_Eternalromance_2
Create hunting rule
EquationGroup_Toolset_Apr17_Doublepulsar_1_3_1
Create hunting rule
EquationGroup_Toolset_Apr17_Eternalromance
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
MD5 hash:
8c80dd97c37525927c1e549cb59bcbf3
SHA1 hash:
4e80fa7d98c8e87facecdef0fc7de0d957d809e1
Detections:
INDICATOR_TOOL_EXP_EternalBlue
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
15ffbb8d382cd2ff7b0bd4c87a7c0bffd1541c2fe86865af445123bc0b770d13
MD5 hash:
c24315b0585b852110977dacafe6c8c1
SHA1 hash:
be855cd1bfc1e1446a3390c693f29e2a3007c04e
Detections:
win_doublepulsar_auto
Create hunting rule
win_doublepulsar_w0
Create hunting rule
INDICATOR_TOOL_EXP_EternalBlue
Create hunting rule
EquationGroup_Toolset_Apr17_Erraticgopher_1_0_1
Create hunting rule
EquationGroup_Toolset_Apr17_Doublepulsar_1_3_1
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
50f329e034db96ba254328cd1e0f588af6126c341ed92ddf4aeb96bc76835937
MD5 hash:
a05c7011ab464e6c353a057973f5a06e
SHA1 hash:
e819a4f985657b58d06b4f8ad483d8e9733e0c37
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
b556b5c077e38dcb65d21a707c19618d02e0a65ff3f9887323728ec078660cc3
MD5 hash:
f82fa69bfe0522163eb0cf8365497da2
SHA1 hash:
75be54839f3d01dc4755ddc319f23f287b1f9a7b
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887
MD5 hash:
3c2fe2dbdf09cfa869344fdb53307cb2
SHA1 hash:
b67a8475e6076a24066b7cb6b36d307244bb741f
Detections:
win_darkpulsar_auto
Create hunting rule
INDICATOR_TOOL_EXP_EternalBlue
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
7d17ba41ab2d4cd013658e2d46d40ead827b2b33be55f038fad1fc188f08ef7a
SH256 hash:
db0831e19a4e3a736ea7498dadc2d6702342f75fd8f7fbae1894ee2e9738c2b4
MD5 hash:
a539d27f33ef16e52430d3d2e92e9d5c
SHA1 hash:
f6d4f160705dc5a8a028baca75b2601574925ac5
Detections:
win_darkpulsar_auto
Create hunting rule
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Parent samples :
44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
dc1e68fc5367bd44af8bec53aa4d33e9a50c1012be139eeb056f45b0b365fa1a
c751d97251cd67604c0256b779fabac87d4ed2d647ce0d830e2a1670cd3616c6
SH256 hash:
21cc3de3b5f98724261f8258240b06dc0d9a254e095a3ff67f888c52374ce9bc
MD5 hash:
e498fc392667527ce5d7d69294c0ed81
SHA1 hash:
8e5603295c7a3b7cad02ea04b305cc7c5f8bde4d
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
SH256 hash:
f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7
MD5 hash:
2311a69113104a760d785a79f45bab74
SHA1 hash:
32e883771883ba44715180e92a20c80638c5c78f
Link:
https://www.unpac.me/results/ba835a3f-e11c-4582-9008-fdc4f8444f39/
Malware family:
Equation Group
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f2af31b74bfe/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eternalblue
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu
Rule name:upx_3
Create hunting rule
Author:Kevin Falcoz
Description:UPX 3.X
Rule name:upx_largefile
Create hunting rule
Author:k3nr9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Blackmoon

Executable exe f2af31b74bfe1648b8c06ce5b3869e81ce8caafe4a265e007af4036af3448ae7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2916093/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
MULTIMEDIA_APICan Play MultimediaWINMM.dll::waveOutOpen
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteA
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA

Comments