| 16.2.dajivhqI.pif.46b268.1.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
| 16.1.dajivhqI.pif.438038.2.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1bcb0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x2f2b0:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x2f930:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1d98a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1d5d0:$s5: delete[]
- 0x1ca88:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.2993e390.7.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1a8b4:$a1: get_encryptedPassword
- 0x1a888:$a2: get_encryptedUsername
- 0x1a94c:$a3: get_timePasswordChanged
- 0x1a864:$a4: get_passwordField
- 0x1a8ca:$a5: set_encryptedPassword
- 0x1a697:$a7: get_logins
- 0x19c21:$a8: GetOutlookPasswords
- 0x19135:$a9: StartKeylogger
- 0x17b8f:$a10: KeyLoggerEventArgs
- 0x17b5e:$a11: KeyLoggerEventArgsEventHandler
- 0x1a76b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.2993e390.7.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1efaf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1e4ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1e7bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x1f5b3:$a5: \Kometa\User Data\Default\Login Data
|
| 11.2.csrss.exe.218d9ba8.7.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x502e0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x332b0:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x33930:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x51fba:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x51c00:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
- 0x510b8:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.28551936.4.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1a8b4:$a1: get_encryptedPassword
- 0x1a888:$a2: get_encryptedUsername
- 0x1a94c:$a3: get_timePasswordChanged
- 0x1a864:$a4: get_passwordField
- 0x1a8ca:$a5: set_encryptedPassword
- 0x1a697:$a7: get_logins
- 0x19c21:$a8: GetOutlookPasswords
- 0x19135:$a9: StartKeylogger
- 0x17b8f:$a10: KeyLoggerEventArgs
- 0x17b5e:$a11: KeyLoggerEventArgsEventHandler
- 0x1a76b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.28551936.4.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1efaf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1e4ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1e7bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x1f5b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.400000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x1300:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1fdd0:$s5: delete[]
- 0x1f288:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.438038.2.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1bcb0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x2f2b0:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x2f930:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1d98a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1d5d0:$s5: delete[]
- 0x1ca88:$s6: constructor or from DllMain.
|
| 11.2.csrss.exe.247e118.0.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1c6b4:$a1: get_encryptedPassword
- 0x1c688:$a2: get_encryptedUsername
- 0x1c74c:$a3: get_timePasswordChanged
- 0x1c664:$a4: get_passwordField
- 0x1c6ca:$a5: set_encryptedPassword
- 0x1c497:$a7: get_logins
- 0x1ba21:$a8: GetOutlookPasswords
- 0x1af35:$a9: StartKeylogger
- 0x1998f:$a10: KeyLoggerEventArgs
- 0x1995e:$a11: KeyLoggerEventArgsEventHandler
- 0x1c56b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.2b4e0000.10.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x20daf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x202ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x205bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x213b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.29915570.9.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1b79c:$a1: get_encryptedPassword
- 0x1b770:$a2: get_encryptedUsername
- 0x1b834:$a3: get_timePasswordChanged
- 0x1b74c:$a4: get_passwordField
- 0x1b7b2:$a5: set_encryptedPassword
- 0x1b57f:$a7: get_logins
- 0x1ab09:$a8: GetOutlookPasswords
- 0x1a01d:$a9: StartKeylogger
- 0x18a77:$a10: KeyLoggerEventArgs
- 0x18a46:$a11: KeyLoggerEventArgsEventHandler
- 0x1b653:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.29915570.9.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1fe97:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1f395:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1f6a3:$a4: \Orbitum\User Data\Default\Login Data
- 0x2049b:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.287c0000.5.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1b79c:$a1: get_encryptedPassword
- 0x1b770:$a2: get_encryptedUsername
- 0x1b834:$a3: get_timePasswordChanged
- 0x1b74c:$a4: get_passwordField
- 0x1b7b2:$a5: set_encryptedPassword
- 0x1b57f:$a7: get_logins
- 0x1ab09:$a8: GetOutlookPasswords
- 0x1a01d:$a9: StartKeylogger
- 0x18a77:$a10: KeyLoggerEventArgs
- 0x18a46:$a11: KeyLoggerEventArgsEventHandler
- 0x1b653:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.287c0000.5.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1fe97:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1f395:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1f6a3:$a4: \Orbitum\User Data\Default\Login Data
- 0x2049b:$a5: \Kometa\User Data\Default\Login Data
|
| 16.1.dajivhqI.pif.400000.1.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
| 16.1.dajivhqI.pif.438038.2.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x502e0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x332b0:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x33930:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x51fba:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x51c00:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
- 0x510b8:$s6: constructor or from DllMain.
|
| 16.1.dajivhqI.pif.400000.1.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x1300:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1fdd0:$s5: delete[]
- 0x1f288:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1c6b4:$a1: get_encryptedPassword
- 0x1c688:$a2: get_encryptedUsername
- 0x1c74c:$a3: get_timePasswordChanged
- 0x1c664:$a4: get_passwordField
- 0x1c6ca:$a5: set_encryptedPassword
- 0x1c497:$a7: get_logins
- 0x1ba21:$a8: GetOutlookPasswords
- 0x1af35:$a9: StartKeylogger
- 0x1998f:$a10: KeyLoggerEventArgs
- 0x1995e:$a11: KeyLoggerEventArgsEventHandler
- 0x1c56b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.28551936.4.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x20daf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x202ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x205bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x213b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1d59c:$a1: get_encryptedPassword
- 0x1d570:$a2: get_encryptedUsername
- 0x1d634:$a3: get_timePasswordChanged
- 0x1d54c:$a4: get_passwordField
- 0x1d5b2:$a5: set_encryptedPassword
- 0x1d37f:$a7: get_logins
- 0x1c909:$a8: GetOutlookPasswords
- 0x1be1d:$a9: StartKeylogger
- 0x1a877:$a10: KeyLoggerEventArgs
- 0x1a846:$a11: KeyLoggerEventArgsEventHandler
- 0x1d453:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.287c0000.5.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x21c97:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x21195:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x214a3:$a4: \Orbitum\User Data\Default\Login Data
- 0x2229b:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1d59c:$a1: get_encryptedPassword
- 0x1d570:$a2: get_encryptedUsername
- 0x1d634:$a3: get_timePasswordChanged
- 0x1d54c:$a4: get_passwordField
- 0x1d5b2:$a5: set_encryptedPassword
- 0x1d37f:$a7: get_logins
- 0x1c909:$a8: GetOutlookPasswords
- 0x1be1d:$a9: StartKeylogger
- 0x1a877:$a10: KeyLoggerEventArgs
- 0x1a846:$a11: KeyLoggerEventArgsEventHandler
- 0x1d453:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.28550a4e.3.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x21c97:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x21195:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x214a3:$a4: \Orbitum\User Data\Default\Login Data
- 0x2229b:$a5: \Kometa\User Data\Default\Login Data
|
| 16.1.dajivhqI.pif.46b268.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1a8b4:$a1: get_encryptedPassword
- 0x1a888:$a2: get_encryptedUsername
- 0x1a94c:$a3: get_timePasswordChanged
- 0x1a864:$a4: get_passwordField
- 0x1a8ca:$a5: set_encryptedPassword
- 0x1a697:$a7: get_logins
- 0x19c21:$a8: GetOutlookPasswords
- 0x19135:$a9: StartKeylogger
- 0x17b8f:$a10: KeyLoggerEventArgs
- 0x17b5e:$a11: KeyLoggerEventArgsEventHandler
- 0x1a76b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.2b4e0000.10.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1efaf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1e4ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1e7bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x1f5b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.3.dajivhqI.pif.26abd218.0.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1a8b4:$a1: get_encryptedPassword
- 0x1a888:$a2: get_encryptedUsername
- 0x1a94c:$a3: get_timePasswordChanged
- 0x1a864:$a4: get_passwordField
- 0x1a8ca:$a5: set_encryptedPassword
- 0x1a697:$a7: get_logins
- 0x19c21:$a8: GetOutlookPasswords
- 0x19135:$a9: StartKeylogger
- 0x17b8f:$a10: KeyLoggerEventArgs
- 0x17b5e:$a11: KeyLoggerEventArgsEventHandler
- 0x1a76b:$a13: _encryptedPassword
|
| 16.3.dajivhqI.pif.26abd218.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1efaf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1e4ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1e7bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x1f5b3:$a5: \Kometa\User Data\Default\Login Data
|
| 11.2.csrss.exe.247e118.0.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security | |
| 11.2.csrss.exe.218d9ba8.7.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1bcb0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x2f2b0:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x2f930:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1d98a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1d5d0:$s5: delete[]
- 0x1ca88:$s6: constructor or from DllMain.
|
| 11.2.csrss.exe.2190cdd8.6.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.29916458.8.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1a8b4:$a1: get_encryptedPassword
- 0x1a888:$a2: get_encryptedUsername
- 0x1a94c:$a3: get_timePasswordChanged
- 0x1a864:$a4: get_passwordField
- 0x1a8ca:$a5: set_encryptedPassword
- 0x1a697:$a7: get_logins
- 0x19c21:$a8: GetOutlookPasswords
- 0x19135:$a9: StartKeylogger
- 0x17b8f:$a10: KeyLoggerEventArgs
- 0x17b5e:$a11: KeyLoggerEventArgsEventHandler
- 0x1a76b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.29916458.8.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1efaf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1e4ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1e7bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x1f5b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1d59c:$a1: get_encryptedPassword
- 0x454d4:$a1: get_encryptedPassword
- 0x1d570:$a2: get_encryptedUsername
- 0x454a8:$a2: get_encryptedUsername
- 0x1d634:$a3: get_timePasswordChanged
- 0x4556c:$a3: get_timePasswordChanged
- 0x1d54c:$a4: get_passwordField
- 0x45484:$a4: get_passwordField
- 0x1d5b2:$a5: set_encryptedPassword
- 0x454ea:$a5: set_encryptedPassword
- 0x1d37f:$a7: get_logins
- 0x452b7:$a7: get_logins
- 0x1c909:$a8: GetOutlookPasswords
- 0x44841:$a8: GetOutlookPasswords
- 0x1be1d:$a9: StartKeylogger
- 0x43d55:$a9: StartKeylogger
- 0x1a877:$a10: KeyLoggerEventArgs
- 0x427af:$a10: KeyLoggerEventArgs
- 0x1a846:$a11: KeyLoggerEventArgsEventHandler
- 0x4277e:$a11: KeyLoggerEventArgsEventHandler
- 0x1d453:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.29915570.9.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x21c97:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x49bcf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x21195:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x490cd:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x214a3:$a4: \Orbitum\User Data\Default\Login Data
- 0x493db:$a4: \Orbitum\User Data\Default\Login Data
- 0x2229b:$a5: \Kometa\User Data\Default\Login Data
- 0x4a1d3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.28550a4e.3.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1b79c:$a1: get_encryptedPassword
- 0x1b770:$a2: get_encryptedUsername
- 0x1b834:$a3: get_timePasswordChanged
- 0x1b74c:$a4: get_passwordField
- 0x1b7b2:$a5: set_encryptedPassword
- 0x1b57f:$a7: get_logins
- 0x1ab09:$a8: GetOutlookPasswords
- 0x1a01d:$a9: StartKeylogger
- 0x18a77:$a10: KeyLoggerEventArgs
- 0x18a46:$a11: KeyLoggerEventArgsEventHandler
- 0x1b653:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.28550a4e.3.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1fe97:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1f395:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1f6a3:$a4: \Orbitum\User Data\Default\Login Data
- 0x2049b:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1c6b4:$a1: get_encryptedPassword
- 0x1c688:$a2: get_encryptedUsername
- 0x1c74c:$a3: get_timePasswordChanged
- 0x1c664:$a4: get_passwordField
- 0x1c6ca:$a5: set_encryptedPassword
- 0x1c497:$a7: get_logins
- 0x1ba21:$a8: GetOutlookPasswords
- 0x1af35:$a9: StartKeylogger
- 0x1998f:$a10: KeyLoggerEventArgs
- 0x1995e:$a11: KeyLoggerEventArgsEventHandler
- 0x1c56b:$a13: _encryptedPassword
|
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x20daf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x202ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x205bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x213b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1c6b4:$a1: get_encryptedPassword
- 0x1c688:$a2: get_encryptedUsername
- 0x1c74c:$a3: get_timePasswordChanged
- 0x1c664:$a4: get_passwordField
- 0x1c6ca:$a5: set_encryptedPassword
- 0x1c497:$a7: get_logins
- 0x1ba21:$a8: GetOutlookPasswords
- 0x1af35:$a9: StartKeylogger
- 0x1998f:$a10: KeyLoggerEventArgs
- 0x1995e:$a11: KeyLoggerEventArgsEventHandler
- 0x1c56b:$a13: _encryptedPassword
|
| 16.3.dajivhqI.pif.26abd218.0.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x20daf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x202ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x205bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x213b3:$a5: \Kometa\User Data\Default\Login Data
|
| 11.2.csrss.exe.2e90000.4.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1a8b4:$a1: get_encryptedPassword
- 0x1a888:$a2: get_encryptedUsername
- 0x1a94c:$a3: get_timePasswordChanged
- 0x1a864:$a4: get_passwordField
- 0x1a8ca:$a5: set_encryptedPassword
- 0x1a697:$a7: get_logins
- 0x19c21:$a8: GetOutlookPasswords
- 0x19135:$a9: StartKeylogger
- 0x17b8f:$a10: KeyLoggerEventArgs
- 0x17b5e:$a11: KeyLoggerEventArgsEventHandler
- 0x1a76b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.287c0ee8.6.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x1efaf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x1e4ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x1e7bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x1f5b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.438038.2.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x502e0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x332b0:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x33930:$s3: 83 EC 38 53 B0 18 88 44 24 2B 88 44 24 2F B0 6E 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x51fba:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x51c00:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
- 0x510b8:$s6: constructor or from DllMain.
|
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1c6b4:$a1: get_encryptedPassword
- 0x1c688:$a2: get_encryptedUsername
- 0x1c74c:$a3: get_timePasswordChanged
- 0x1c664:$a4: get_passwordField
- 0x1c6ca:$a5: set_encryptedPassword
- 0x1c497:$a7: get_logins
- 0x1ba21:$a8: GetOutlookPasswords
- 0x1af35:$a9: StartKeylogger
- 0x1998f:$a10: KeyLoggerEventArgs
- 0x1995e:$a11: KeyLoggerEventArgsEventHandler
- 0x1c56b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.2993e390.7.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x20daf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x202ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x205bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x213b3:$a5: \Kometa\User Data\Default\Login Data
|
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | - 0x1c6b4:$a1: get_encryptedPassword
- 0x445ec:$a1: get_encryptedPassword
- 0x1c688:$a2: get_encryptedUsername
- 0x445c0:$a2: get_encryptedUsername
- 0x1c74c:$a3: get_timePasswordChanged
- 0x44684:$a3: get_timePasswordChanged
- 0x1c664:$a4: get_passwordField
- 0x4459c:$a4: get_passwordField
- 0x1c6ca:$a5: set_encryptedPassword
- 0x44602:$a5: set_encryptedPassword
- 0x1c497:$a7: get_logins
- 0x443cf:$a7: get_logins
- 0x1ba21:$a8: GetOutlookPasswords
- 0x43959:$a8: GetOutlookPasswords
- 0x1af35:$a9: StartKeylogger
- 0x42e6d:$a9: StartKeylogger
- 0x1998f:$a10: KeyLoggerEventArgs
- 0x418c7:$a10: KeyLoggerEventArgs
- 0x1995e:$a11: KeyLoggerEventArgsEventHandler
- 0x41896:$a11: KeyLoggerEventArgsEventHandler
- 0x1c56b:$a13: _encryptedPassword
|
| 16.2.dajivhqI.pif.29916458.8.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x20daf:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x48ce7:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x202ad:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x481e5:$a3: \Google\Chrome\User Data\Default\Login Data
- 0x205bb:$a4: \Orbitum\User Data\Default\Login Data
- 0x484f3:$a4: \Orbitum\User Data\Default\Login Data
- 0x213b3:$a5: \Kometa\User Data\Default\Login Data
- 0x492eb:$a5: \Kometa\User Data\Default\Login Data
|
| Click to see the 137 entries |
Edit tour
mshta.exe (PID: 7800 cmdline: 
cmd.exe (PID: 7916 cmdline: 
powershell.exe (PID: 7120 cmdline: 
csc.exe (PID: 6340 cmdline: 
csrss.exe (PID: 1812 cmdline: 
dajivhqI.pif (PID: 7196 cmdline: 
