MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9e43dde407d02ffa2b03866844ee9864162d3e10ea50ccf58b756a9a10f5784. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT
Vendor detections: 13



SHA256 hash: c9e43dde407d02ffa2b03866844ee9864162d3e10ea50ccf58b756a9a10f5784
SHA3-384 hash: aa3a79ea4b4654e8cf12456f379db73b5089198f5d447fcae4a99ee3fc47b9dc9f8fa91ee4bcede7c831cf4f22e8ab80
SHA1 hash: a0455c991097465812b773c4af249a4cc1fa4f22
MD5 hash: 9cb27cfb93a045806f5c92488172c807
humanhash: autumn-utah-lima-july
File name: SecuriteInfo.com.Trojan-Downloader.MSIL.Agent.14060.12812
Signature: AsyncRAT
File size: 10'199'623 bytes
First seen: 2025-06-04 17:57:20 UTC
Last seen: 2025-06-04 18:32:00 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 8afb7dbddc4d76a6ff1b5559b62d7325 (3 x NetSupport, 2 x AsyncRAT)
ssdeep 196608:xrkCDFxgtiWe4/RSgOqTn9nBIzuZrSW+xHGoFlaVDK7/GQM6cL5f27b:NeiYRNXnDZrSF8oFYuTMi
TLSH T1EAA6AE30B647CD77CC8201B0993DEBAFA02C667D0B6550CBB2D86E6D29715E32739A53
TrID 38.6% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
29.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
9.7% (.EXE) Win64 Executable (generic) (10522/11/4)
6.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
dhash icon e4f4a494acb4b0a4 (6 x Stealc, 2 x MarsStealer, 2 x Formbook)
Reporter SecuriteInfoCom
Tags: AsyncRAT exe
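The hashes above do two different jobs: SHA256, SHA3-384, SHA1 and MD5 identify this exact file, while imphash, ssdeep and TLSH are similarity hashes used to pivot to related uploads (the imphash here is shared with NetSupport and other AsyncRAT samples, so it clusters a loader build rather than one file). The Python below is an added example, not MalwareBazaar's or any vendor's code: it computes the exact-match digests for a buffer, checks them against the IOCs from this entry, and re-implements the imphash algorithm the way pefile computes it (DLL name lower-cased with a .dll/.ocx/.sys extension stripped, ordinals resolved through a lookup table or rendered as ordN, "dll.func" entries joined with commas and MD5'd). The import list is constructed and the ordinal table is a small subset of the public tables; ssdeep and TLSH need their own libraries and are not covered.

```python
import hashlib
from typing import Iterable, Tuple, Union

# Exact-match digests copied from the MalwareBazaar entry above.
MB_SAMPLE_HASHES = {
    "sha256": "c9e43dde407d02ffa2b03866844ee9864162d3e10ea50ccf58b756a9a10f5784",
    "sha1": "a0455c991097465812b773c4af249a4cc1fa4f22",
    "md5": "9cb27cfb93a045806f5c92488172c807",
}


def digest_set(data: bytes) -> dict:
    """Compute the four exact-match digests MalwareBazaar lists for a file."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_known_sample(data: bytes, known: dict = MB_SAMPLE_HASHES) -> bool:
    """True if any digest of `data` equals one of the known IOC digests."""
    computed = digest_set(data)
    return any(computed[algo] == value for algo, value in known.items())


# Ordinal-to-name tables for the two DLLs that are routinely imported by
# ordinal. Assumption: this small subset of the public tables is all the
# demonstration below needs; a real implementation carries the full tables.
_ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               16: "recv", 19: "send", 23: "socket"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString"},
}


def imphash(imports: Iterable[Tuple[str, Union[str, int]]]) -> str:
    """Import hash as pefile computes it: for each (dll, function) pair in
    import-table order, lower-case the DLL name, strip a .dll/.ocx/.sys
    extension, resolve ordinals to names where a table exists (else ordN),
    join the "dll.func" entries with commas and MD5 the result."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        if isinstance(func, int):
            func = _ORDINAL_NAMES.get(lib, {}).get(func, f"ord{func}")
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed import list (not this sample's import table), using names from
# the BLint evidence column further down the page plus one import by ordinal.
CONSTRUCTED_IMPORTS = [
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "VirtualAllocExNuma"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("SHELL32.dll", "ShellExecuteW"),
    ("ws2_32.dll", 23),   # imported by ordinal: resolves to "socket"
]

if __name__ == "__main__":
    print(digest_set(b"constructed sample bytes"))
    print("imphash:", imphash(CONSTRUCTED_IMPORTS))
```

Because imphash is order-sensitive but case- and extension-insensitive, two builds that import the same functions in the same order collide even when their file hashes differ, which is exactly why the entry can report it as shared with unrelated families; treat an imphash hit as a pivot, never as attribution.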

Intelligence


File Origin
# of uploads: 2
# of downloads: 412
Origin country: FR
Vendor Threat Intelligence
Malware family: asyncrat
ID: 1
File name: SecuriteInfo.com.Trojan-Downloader.MSIL.Agent.14060.12812
Verdict: Malicious activity
Analysis date: 2025-06-04 17:58:47 UTC
Tags: github delphi asyncrat

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Verdict: Malicious
Score: 95.7%
Tags: shellcode emotet keylog word
Result
Verdict: Malware
Behaviour
Searching for the window
DNS request
Sending a custom TCP request
Creating a file in the %AppData% directory
Creating a process from a recently created file
Creating synchronization primitives
Creating a window
Searching for synchronization primitives
Creating a file in the %AppData% subdirectories
Connection attempt
Unauthorized injection to a recently created process
Setting a global event handler for the keyboard
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-debug aspnet_compiler bash dotnet evasive expand expired-cert fingerprint lolbin microsoft_visual_cc overlay overlay packed packer_detected
Result
Threat name: AsyncRAT, VenomRAT
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Allocates memory in foreign processes
Contains functionality to detect sleep reduction / modifications
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found malware configuration
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample uses string decryption to hide its real strings
Suricata IDS alerts for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AsyncRAT
Yara detected VenomRAT
Result
Malware family: donutloader
Score: 10/10
Tags: family:asyncrat family:donutloader botnet:default discovery loader rat
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Legitimate hosting services abused for malware hosting/C2
Executes dropped EXE
Async RAT payload
AsyncRat
Asyncrat family
Detects DonutLoader
DonutLoader
Donutloader family
Malware Config
C2 Extraction:
127.0.0.1:6606
89.84.63.139:6606
Unpacked files
SHA256 hash:
c9e43dde407d02ffa2b03866844ee9864162d3e10ea50ccf58b756a9a10f5784
MD5 hash:
9cb27cfb93a045806f5c92488172c807
SHA1 hash:
a0455c991097465812b773c4af249a4cc1fa4f22
SHA256 hash:
9f683ee3e57082409f6e94d5384d7a9b07f78b84aa514f0463e226789b115d6d
MD5 hash:
a87972d52df945c3c714c537a63b1fa1
SHA1 hash:
edbcc362f11b75f887fe79b3552396c3466e785e
SHA256 hash:
14b1efe022ccf4424545685e5a3aa39f8a348723d6c396784048d2ac8bbf9f33
MD5 hash:
7ae9395041b7887c4246b890d35d7529
SHA1 hash:
0aac1292b2a863a8fb45493636ffe7d9f2bc593d
SHA256 hash:
498a52b8ee1858e7cd9fc56a49d9bcc9cc87d27002516772beb1ffeaeed23ef3
MD5 hash:
e07c5f59f740685fa123408d36ca9df7
SHA1 hash:
0d9aefcea6cb492c1aa3db3cf56f2adb23de9acd
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
SHA256 hash:
7388e509bbd1d5dbd0ae2b918299ff3017fdecbef4eb5bbae0255b63d9c1a23a
MD5 hash:
68bed137df82651fb4c3a3a9178734a3
SHA1 hash:
0f9327b9d5f18ba0003fab7d2d4d83b41b8d7453
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24 SUSP_NET_Shellcode_Loader_Indicators_Jan24
SHA256 hash:
db716ff3f550d7e11ac687afc81922738eb60d398dafb2ce8dde063b3aa107aa
MD5 hash:
c8b00bf88543daaf0db8f7aea55a67a0
SHA1 hash:
18eee8961349a5df2172473b5a00b0d803acc2d6
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
SHA256 hash:
3d8e92fda2d2360b29a35702a6cd6241e40596235479f241428ffd003395b16b
MD5 hash:
51da8ce4b679abdd914e0c530acfa094
SHA1 hash:
1a61dba8915b90f49b38e882f2ebe5a7204f7161
SHA256 hash:
93349dcb84f98d54b9ebd59eb149a2d86a5847c111deafd840d25a874119d76e
MD5 hash:
a9f01df55b7b5a4e3a82796ec455847e
SHA1 hash:
32c26083aee719780e54320d1144e24b395f6358
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
SHA256 hash:
2a7ced3a9b65d17f88ccd526bfca9659bd0e54c27fa9d09eeefe96a0bc05b9c3
MD5 hash:
a0efe6a76d44c3d4885549402b788037
SHA1 hash:
33cf5c6915d327aa377ce19c325466ec0168cb4d
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
SHA256 hash:
2b95638708395a969ac485956adb3c63400fbdd8be274bc25b9bf1412f83a1e3
MD5 hash:
68f09b87804f5ded84cb71ebb433fd49
SHA1 hash:
4eec9bbfc1ff11da1674ca9d160afb76c74a9029
SHA256 hash:
fd8f6d5ee7111724c12591ef698aa90c377ef0c7ac00df00fe49c3c70ba639ca
MD5 hash:
f3b3aa777ba347971e3a064084723790
SHA1 hash:
54c0fecc7eb785de61e1bb81b67aba9d92abfd8f
SHA256 hash:
9cfd5a1b1885a7970baa8f38a91bac778676ea240b468607c76f56f4ed36678c
MD5 hash:
dccf7af5347fd071e3441f797eacb7cd
SHA1 hash:
625187e68a0c9a1243d3380174da041378b72601
SHA256 hash:
3408f142b19149154c9358dfa1338d41ce3b6be8106ef9092076facd97167bde
MD5 hash:
087cb24f4cfcc5dc896a4164d541b053
SHA1 hash:
674e523428d60b2ec91e47cc1e40cb7f8253252f
SHA256 hash:
f715a2d78b1d65e22ebbbee1fe9f925dd107f4bfe2d2f1ce87e23751dc73d880
MD5 hash:
642654cd5a2616d26d831fb483c27f08
SHA1 hash:
71b9f4155fd71a40ba8cd544c13ee9b31f8d251e
SHA256 hash:
57a6ccdc86ba80d23197e30849a4eb983698e2a000839b05df908b82628e2a6a
MD5 hash:
0fbaa792599ae2166d564bd3726334df
SHA1 hash:
786351bd54998b30c92cf1de32c2e4c01f956613
SHA256 hash:
dda09a9f85255cef6cbe42a9066ab25fa748d91a19bed586add305d7dea582c6
MD5 hash:
5acb926859c4ad63ccb58730da7a562d
SHA1 hash:
7f37091cdf1e8fa8dcc93044bf3150c87cfabdd0
SHA256 hash:
7104223f48289e0123284bbf5441e2aeb050e4c39b841ea8d5a0979bf0abd8bc
MD5 hash:
0b25945de1744752361dbe4d09efd81f
SHA1 hash:
81e3093c6e7bd3c18ce7917cde523d0e2ec0d88d
SHA256 hash:
dad61eee0dcf1fd55bb1f23427672a8a6e482b8494c1cef88fa48031c2e109e5
MD5 hash:
0b4bed015f38549ffc8c6d4b0648ae20
SHA1 hash:
88723a7507ddad3a95a85f95769061514acaec41
SHA256 hash:
bc4fb68e14a259f949bf4ea35befd7ef4b32537bbca397e9b685c454e72e43d2
MD5 hash:
ae43fd9da6571b5c7a23d051a893326d
SHA1 hash:
8ab23e09584504628528fe5427c089703669c496
SHA256 hash:
d2bc1466b0e1e9c4cf75064330c63e87c0020183d5c3f0d8cdae59da69fdb0b0
MD5 hash:
72f111cc245859b92bf709e9cc225229
SHA1 hash:
8f57af1db21e47c3add09a56775ff26fdbbe5592
SHA256 hash:
995a27cf72de1baee07138f86ca0776b4748b1c1b28354f16b1499dbc754bf58
MD5 hash:
27f1cea00e7761b383c407ee9af690cc
SHA1 hash:
a0f5d551738615458e19a27e3393cb2585677750
SHA256 hash:
3b635e5009be4e0c5f57fc4e17a63767806d138cd85725d306b601c1ec14a940
MD5 hash:
4753770a597979d7c6034b15b8c12a88
SHA1 hash:
a497fbb61e43bf7f7152d983f3c498460c8b0db4
SHA256 hash:
bd4eded886e6db428264d61a993c826e85aae8eebd02deb3384978f4024d7a68
MD5 hash:
19eeab4b6cff82ac64f4a06d4d178b35
SHA1 hash:
a789cb2f467b613b052f1e765ec6e2b0604a4f28
SHA256 hash:
5a06809f28b8955ee54730da1f69d328a49cec21d5a119bf13dda517973e2b6f
MD5 hash:
bc43431fc0c04f3ac62d007d28dad2aa
SHA1 hash:
aa7d50d36c93736c4d1d8aab52bbec9717c3fe33
SHA256 hash:
d640d233f9ee98bc273c4c19686d792b93c15b1a675384ec8ee0ae9829fbef67
MD5 hash:
8048e9ac8046bc2ef7577756a65b9c96
SHA1 hash:
b67ead9ff51ed0f77e8eaad1a513e962dbf5d93a
SHA256 hash:
82378224a0be73cf544eda4a6e4689f35a724ee4c279301e3bb8e2e0a82e547c
MD5 hash:
eb541d5f3de241adb868bb976c7942ca
SHA1 hash:
b7e52d81935a2fcfe9acb9eb0a94b871bac50779
SHA256 hash:
af156bd796cded65bffe80b086422f38292b013b8ec01484efda8466f8acec1c
MD5 hash:
ea71d1dea5865eb2ffd4b75089470c5f
SHA1 hash:
c7a66a67ba4219163a49c55a7010993f76a0439d
SHA256 hash:
a4d0a68e16015f20c28342bd853693568019287440872a13e3dbe3ae343162ff
MD5 hash:
be8d72737734089029386668c238a129
SHA1 hash:
cc1de062f9e34ca441e2f8794e4640fbac333287
SHA256 hash:
8fcffc98c2566c32d3518c114078762045748576440ade701ffb0bcb34d126ae
MD5 hash:
5f3c65d74f691114a5c44890ac15a790
SHA1 hash:
d1d8dbe3d0ee0464702f2ed138c993328ec4927a
SHA256 hash:
bd31886eeb9e66e0860e6440c63de76b1889fac3911e02738a038bd4926bd9c6
MD5 hash:
6c68521ae48a6e5de0a939655254b2c5
SHA1 hash:
d3f2021e73a61776843966fedeebd271baf8ef32
SHA256 hash:
56d858d1c70a124462007fb1116282baabaa54c30684cee0abe30542660ffdb6
MD5 hash:
e7df87cec231a6820194a3154aca2754
SHA1 hash:
e2ec8d3a0e8b64226ae24605d5ad8c0d53c60289
SHA256 hash:
62beee6cd8cfe99db57ae19356c5f9d6452f05a612d90dcd0d11ca6a61e16322
MD5 hash:
4a7629148d0b61e668586e570ffe01d8
SHA1 hash:
fc33090b17fe38a13a4eb9f488ce46d8549ad847
SHA256 hash:
ecaff3f310a5933952833285e47f248cbdf262b3d97e73d2a05686e18975dc4f
MD5 hash:
8f06505c7833de73cd987cb2077e455d
SHA1 hash:
feb317b927e271be2127c04b75414e928fad2e0b
SHA256 hash:
ad413daa4576dc205a2e9f60254b94e4d4eb59dbbdf5c089f4516a1ae28d9d3a
MD5 hash:
092895f06f1c8b27b51f9c5cd546c415
SHA1 hash:
ff4222d92d46b308c1380a87f11e6c388f4f132d

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: botnet_plaintext_c2
Author: cip
Description: Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name: Check_OutputDebugStringA_iat
Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: DebuggerCheck__MemoryWorkingSet
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: ducktail
Author: Michelle Khalil
Description: This rule detects unpacked ducktail malware samples.
Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset
Rule name: Jupyter_infostealer
Author: CD_R0M_
Description: Rule for Jupyter Infostealer/Solarmarker malware from September 2021 to December 2022
Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants
Rule name: NET
Author: malware-lu
Rule name: pe_detect_tls_callbacks
Rule name: reverse_http
Author: CD_R0M_
Description: Identify strings with http reversed (ptth)
Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)
Rule name: test_Malaysia
Author: rectifyq
Description: Detects file containing malaysia string
Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

AsyncRAT | Executable exe | c9e43dde407d02ffa2b03866844ee9864162d3e10ea50ccf58b756a9a10f5784 (this sample)

BLint


The following table provides more information about this file using BLint, a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Reviews

ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::GetSidSubAuthorityCount, ADVAPI32.dll::GetSidSubAuthority, ADVAPI32.dll::RevertToSelf
COM_BASE_API | Can Download & Execute components | ole32.dll::CLSIDFromProgID, ole32.dll::CreateStreamOnHGlobal
SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::AdjustTokenPrivileges, ADVAPI32.dll::GetTokenInformation, ADVAPI32.dll::SetKernelObjectSecurity
SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteW
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessW, KERNEL32.dll::OpenProcess, ADVAPI32.dll::OpenProcessToken, ADVAPI32.dll::OpenThreadToken, ADVAPI32.dll::SetThreadToken, KERNEL32.dll::VirtualAllocExNuma
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::GetActiveProcessorGroupCount, KERNEL32.dll::LoadLibraryExW, KERNEL32.dll::LoadLibraryExA, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::GetSystemInfo
WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::SetConsoleCtrlHandler, KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateFileW, KERNEL32.dll::CreateFileA, KERNEL32.dll::CreateFileMappingW, KERNEL32.dll::CreateFileMappingA, KERNEL32.dll::RemoveDirectoryW
WIN_BASE_USER_API | Retrieves Account Information | ADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegGetValueW, ADVAPI32.dll::RegOpenKeyExW, ADVAPI32.dll::RegQueryValueExW
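Both BLint findings come straight from the PE optional header: "Missing Authenticode" means the security data directory (index 4, the certificate table) has size zero, and "Missing dll Security Characteristics (HIGH_ENTROPY_VA)" means bit 0x0020 is clear in DllCharacteristics. The Python below is an added example, not BLint's code or MalwareBazaar's: it parses those two header fields with the standard library and emits findings in the same ID/title/severity shape as the table above, checking DYNAMIC_BASE and NX_COMPAT as well. One design choice to note: HIGH_ENTROPY_VA only has meaning for 64-bit (PE32+) images, so this example requires it only there; whether BLint makes that distinction is not something the page states. The header bytes it runs on are constructed in the block (a DOS stub, PE signature, COFF header and optional header, not a loadable image).

```python
import struct
from typing import Dict, List

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# IMAGE_DLLCHARACTERISTICS_* bits the linter looks for.
HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT = 0x0020, 0x0040, 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def blint_style_checks(image: bytes) -> List[Dict[str, str]]:
    """Re-derive the two BLint findings above from the PE headers.
    Returns findings as {id, title, severity} dicts, in BLint's order."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                        # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    plus = magic == PE32PLUS_MAGIC
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]   # same offset in PE32 and PE32+
    num_dirs = struct.unpack_from("<I", image, opt + (108 if plus else 92))[0]
    dirs = opt + (112 if plus else 96)         # first IMAGE_DATA_DIRECTORY entry
    cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", image, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    findings: List[Dict[str, str]] = []
    if cert_size == 0:
        findings.append({"id": "CHECK_AUTHENTICODE", "title": "Missing Authenticode", "severity": "high"})
    required = {DYNAMIC_BASE: "DYNAMIC_BASE", NX_COMPAT: "NX_COMPAT"}
    if plus:
        required[HIGH_ENTROPY_VA] = "HIGH_ENTROPY_VA"   # meaningful for 64-bit images only
    missing = [name for bit, name in sorted(required.items()) if not dll_chars & bit]
    if missing:
        findings.append({"id": "CHECK_DLL_CHARACTERISTICS",
                         "title": f"Missing dll Security Characteristics ({', '.join(missing)})",
                         "severity": "high"})
    return findings


def constructed_pe_header(magic: int, dll_chars: int, authenticode_size: int) -> bytes:
    """Constructed test data: the smallest header sequence the parser needs
    (MZ stub with e_lfanew, PE signature, COFF header, zero-filled optional
    header with 16 data directories). Not a loadable image."""
    opt_size = 224 if magic == PE32_MAGIC else 240
    buf = bytearray(0x40 + 24 + opt_size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    machine = 0x8664 if magic == PE32PLUS_MAGIC else 0x14C
    struct.pack_into("<HHIIIHH", buf, 0x44, machine, 0, 0, 0, 0, opt_size, 0x22)
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, magic)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    struct.pack_into("<I", buf, opt + (92 if magic == PE32_MAGIC else 108), 16)
    dirs = opt + (96 if magic == PE32_MAGIC else 112)
    struct.pack_into("<II", buf, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if authenticode_size else 0, authenticode_size)
    return bytes(buf)


if __name__ == "__main__":
    # Header shaped like this sample's findings: unsigned, DYNAMIC_BASE and
    # NX_COMPAT set, HIGH_ENTROPY_VA clear on a 64-bit image.
    for f in blint_style_checks(constructed_pe_header(PE32PLUS_MAGIC, DYNAMIC_BASE | NX_COMPAT, 0)):
        print(f["id"], "|", f["title"], "|", f["severity"])
```

Neither finding is evidence of malice on its own: plenty of legitimate software ships unsigned or without HIGH_ENTROPY_VA. Their value on a page like this is as triage context, a missing signature removes one cheap way to rule the file out, and as a reminder that Authenticode presence is a header check, not a trust decision, which still requires validating the certificate chain.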
