a581fdea0970f8a5b6cfec4853c802d7
Hash
- MD5: a581fdea0970f8a5b6cfec4853c802d7
- SHA1: c124f019ddaef2606a7394b0b9bf7ae1a05ecda4
- SHA256: 784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5
- First Seen: 2026-05-27
- Last Seen: 2026-05-27
-
2
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5"
},
"attributes": {
"ssdeep": "3072:r8uRux1zGhU6wibMK3Smb7+i03euYgstymoxSbwXckl34BJA:DAoUAbMK3XqzfTmMg+",
"unique_sources": 1,
"magika": "PEBIN",
"last_analysis_date": 1779356137,
"authentihash": "6db32971712138332c56dbf1b9c39af1cde5893f853180ce73103248caf7e111",
"total_votes": {
"harmless": 0,
"malicious": 0
},
"reputation": 0,
"pe_info": {
"timestamp": 1760488524,
"imphash": "0d6ed97a94c2e300faa4a67efa63ff9a",
"machine_type": 34404,
"entry_point": 38748,
"resource_details": [
{
"lang": "ENGLISH US",
"chi2": 1428.08,
"filetype": "XML",
"entropy": 4.885799884796143,
"sha256": "d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04",
"type": "RT_MANIFEST"
}
],
"resource_langs": {
"ENGLISH US": 1
},
"resource_types": {
"RT_MANIFEST": 1
},
"sections": [
{
"name": ".text",
"chi2": 926812.5,
"virtual_address": 4096,
"flags": "rx",
"raw_size": 158208,
"entropy": 6.52,
"virtual_size": 158064,
"md5": "d3fda0a52268ceb27ffaebed262753d7"
},
{
"name": ".rdata",
"chi2": 2893825.25,
"virtual_address": 163840,
"flags": "r",
"raw_size": 54272,
"entropy": 4.91,
"virtual_size": 54110,
"md5": "5625b783c3d552eb98a37dd43ef45125"
},
{
"name": ".data",
"chi2": 1111158.5,
"virtual_address": 221184,
"flags": "rw",
"raw_size": 13824,
"entropy": 4.43,
"virtual_size": 18292,
"md5": "488cd1f0dc43a326ab4ef44653a8a4a2"
},
{
"name": ".pdata",
"chi2": 215361.12,
"virtual_address": 241664,
"flags": "r",
"raw_size": 7168,
"entropy": 5.37,
"virtual_size": 7104,
"md5": "822e868588f51746a1379f738dd6f2db"
},
{
"name": "_RDATA",
"chi2": 58192.0,
"virtual_address": 249856,
"flags": "r",
"raw_size": 512,
"entropy": 2.76,
"virtual_size": 348,
"md5": "df4b5db66570b006289dc134bcbf5fdd"
},
{
"name": ".rsrc",
"chi2": 61549.0,
"virtual_address": 253952,
"flags": "r",
"raw_size": 512,
"entropy": 2.53,
"virtual_size": 248,
"md5": "2adf324d82644c0467493ec57775239f"
},
{
"name": ".reloc",
"chi2": 29256.5,
"virtual_address": 258048,
"flags": "r",
"raw_size": 2048,
"entropy": 5.01,
"virtual_size": 1720,
"md5": "98a245d164cb43106f90265440ab1f8f"
}
],
"exports": [
"hello"
],
"compiler_product_versions": [
"[ C ] VS2022 v17.1.0 pre 1.0 build 30818 count=15",
"[ASM] VS2022 v17.1.0 pre 1.0 build 30818 count=9",
"[C++] VS2022 v17.1.0 pre 1.0 build 30818 count=38",
"[---] Unmarked objects count=171",
"[LT+] VS2022 v17.1.0 pre 5.0 build 31104 count=9",
"[EXP] VS2022 v17.1.0 pre 5.0 build 31104 count=1",
"[RES] VS2022 v17.1.0 pre 5.0 build 31104 count=1",
"[LNK] VS2022 v17.1.0 pre 5.0 build 31104 count=1",
"id: 0x104, version: 27412 count=11",
"id: 0x103, version: 27412 count=5",
"id: 0x105, version: 27412 count=151",
"id: 0x101, version: 27412 count=25"
],
"rich_pe_header_hash": "cd7ca7293b80394b7056ad2a741b2989",
"import_list": [
{
"library_name": "KERNEL32.dll",
"imported_functions": [
"CloseHandle",
"CreateEventW",
"CreateFileW",
"CreateProcessW",
"CreateRemoteThread",
"CreateThread",
"DeleteCriticalSection",
"DeleteFileW",
"EncodePointer",
"EnterCriticalSection",
"ExitProcess",
"FindClose",
"FindFirstFileExW",
"FindNextFileW",
"FlushFileBuffers",
"FreeEnvironmentStringsW",
"FreeLibrary",
"GetACP",
"GetCommandLineA",
"GetCommandLineW",
"GetConsoleMode",
"GetConsoleOutputCP",
"GetCPInfo",
"GetCurrentDirectoryW",
"GetCurrentProcess",
"GetCurrentProcessId",
"GetCurrentThreadId",
"GetEnvironmentStringsW",
"GetExitCodeProcess",
"GetFileAttributesW",
"GetFileSize",
"GetFileSizeEx",
"GetFileTime",
"GetFileType",
"GetLastError",
"GetModuleFileNameA",
"GetModuleFileNameW",
"GetModuleHandleExW",
"GetModuleHandleW",
"GetOEMCP",
"GetProcAddress",
"GetProcessHeap",
"GetStartupInfoW",
"GetStdHandle",
"GetStringTypeW",
"GetSystemTimeAsFileTime",
"GetTempFileNameW",
"GetTempPathA",
"GetTempPathW",
"GetTickCount",
"HeapAlloc",
"HeapFree",
"HeapReAlloc",
"HeapSize",
"InitializeCriticalSectionAndSpinCount",
"InitializeSListHead",
"InterlockedFlushSList",
"IsDebuggerPresent",
"IsProcessorFeaturePresent",
"IsValidCodePage",
"LCMapStringW",
"LeaveCriticalSection",
"LoadLibraryA",
"LoadLibraryExW",
"LoadLibraryW",
"LocalAlloc",
"LocalFree",
"MoveFileW",
"MultiByteToWideChar",
"OpenProcess",
"QueryPerformanceCounter",
"RaiseException",
"ReadConsoleW",
"ReadFile",
"RtlCaptureContext",
"RtlLookupFunctionEntry",
"RtlPcToFileHeader",
"RtlUnwindEx",
"RtlVirtualUnwind",
"SetCurrentDirectoryW",
"SetEndOfFile",
"SetErrorMode",
"SetFilePointer",
"SetFilePointerEx",
"SetFileTime",
"SetLastError",
"SetStdHandle",
"SetUnhandledExceptionFilter",
"Sleep",
"TerminateProcess",
"TlsAlloc",
"TlsFree",
"TlsGetValue",
"TlsSetValue",
"UnhandledExceptionFilter",
"VirtualAllocEx",
"VirtualFree",
"WaitForSingleObject",
"WideCharToMultiByte",
"WriteConsoleW",
"WriteFile",
"WriteProcessMemory"
]
},
{
"library_name": "USER32.dll",
"imported_functions": [
"GetDC",
"GetDesktopWindow",
"GetSystemMetrics",
"ReleaseDC"
]
},
{
"library_name": "GDI32.dll",
"imported_functions": [
"BitBlt",
"CreateCompatibleBitmap",
"CreateCompatibleDC",
"DeleteDC",
"DeleteObject",
"GetDIBits",
"GetObjectA",
"SelectObject"
]
},
{
"library_name": "ADVAPI32.dll",
"imported_functions": [
"ConvertStringSidToSidW",
"CreateProcessAsUserW",
"DuplicateTokenEx",
"GetLengthSid",
"RegCloseKey",
"RegDeleteKeyValueW",
"RegOpenKeyExW",
"RegQueryValueExW",
"SetTokenInformation"
]
},
{
"library_name": "SHELL32.dll",
"imported_functions": [
"ShellExecuteA"
]
},
{
"library_name": "WININET.dll",
"imported_functions": [
"InternetCanonicalizeUrlW",
"InternetCrackUrlW"
]
},
{
"library_name": "WINHTTP.dll",
"imported_functions": [
"WinHttpAddRequestHeaders",
"WinHttpCloseHandle",
"WinHttpConnect",
"WinHttpOpen",
"WinHttpOpenRequest",
"WinHttpQueryDataAvailable",
"WinHttpReadData",
"WinHttpReceiveResponse",
"WinHttpSendRequest",
"WinHttpSetCredentials",
"WinHttpSetOption",
"WinHttpSetTimeouts",
"WinHttpWriteData"
]
},
{
"library_name": "urlmon.dll",
"imported_functions": [
"ObtainUserAgentString"
]
},
{
"library_name": "WTSAPI32.dll",
"imported_functions": [
"WTSEnumerateSessionsW",
"WTSFreeMemory",
"WTSQueryUserToken"
]
},
{
"library_name": "USERENV.dll",
"imported_functions": [
"CreateEnvironmentBlock",
"DestroyEnvironmentBlock"
]
},
{
"library_name": "WS2_32.dll",
"imported_functions": [
"connect",
"htons",
"inet_addr",
"socket",
"WSAStartup"
]
},
{
"library_name": "SHLWAPI.dll",
"imported_functions": [
"StrTrimW"
]
}
]
},
"crowdsourced_yara_results": [
{
"ruleset_id": "002460cdd6",
"ruleset_version": "002460cdd6|d1fd450ec7c73f71e829d8f39a46e82e73687778",
"ruleset_name": "NikiHTTP",
"rule_name": "NikiHTTP",
"match_date": 1779356368,
"description": "Identifies NikiHTTP aka HTTPSpy, a versatile backdoor by (likely) Kimsuky.",
"author": "@bartblaze, @nsquar3",
"source": "https://github.com/bartblaze/Yara-rules"
},
{
"ruleset_id": "01a5828531",
"ruleset_version": "01a5828531|834366aa118f4e231f6f835e1dd479dab29dc599",
"ruleset_name": "apt_kimsuky_validator_strings",
"rule_name": "apt_kimsuky_validator_strings",
"match_date": 1779356368,
"description": "Detects Kimsuky validator",
"author": "Sekoia.io",
"source": "https://github.com/SEKOIA-IO/Community"
}
],
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 37.0
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 28.6
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 11.5
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 11.3
},
{
"file_type": "DOS Executable (generic)",
"probability": 11.3
}
],
"tags": [
"64bits",
"pedll"
],
"meaningful_name": "br50eefk.exe",
"md5": "a581fdea0970f8a5b6cfec4853c802d7",
"magic": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"sandbox_verdicts": {
"C2AE": {
"category": "undetected",
"malware_classification": [
"UNKNOWN_VERDICT"
],
"sandbox_name": "C2AE"
}
},
"sha1": "c124f019ddaef2606a7394b0b9bf7ae1a05ecda4",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"pedll"
],
"last_submission_date": 1777335493,
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260520",
"category": "malicious",
"result": "W32.Malware.82E174B9"
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.Win32.Kimsuky.4!c"
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Gen:Variant.Tedy.848315"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260521",
"category": "malicious",
"result": "dll.trojan.generic"
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260520",
"category": "malicious",
"result": "Trojan.Qwexlafiba"
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260520",
"category": "malicious",
"result": "BehavesLike.Win64.NetLoader.dh"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260521",
"category": "malicious",
"result": "Backdoor.Agent.gen"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260514",
"category": "malicious",
"result": "Unsafe"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260520",
"category": "malicious",
"result": "Gen:Variant.Tedy.848315"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260518",
"category": "malicious",
"result": "Trojan.Win32.Kimsuky.V8rf"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.53.59569",
"engine_update": "20260521",
"category": "malicious",
"result": "Riskware ( 00584baa1 )"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260521",
"category": "malicious",
"result": "Gen:Variant.Tedy.848315"
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.53.59570",
"engine_update": "20260521",
"category": "malicious",
"result": "Riskware ( 00584baa1 )"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "malicious",
"result": "win/malicious_confidence_100% (W)"
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1211",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Backdoor.Cobalt"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.261",
"engine_update": "20260513",
"category": "malicious",
"result": "malicious (high confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Win64/Kimsuky.BZ trojan"
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.780",
"engine_update": "20260519",
"category": "malicious",
"result": "Malicious"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260521",
"category": "malicious",
"result": "TROJ_FRS.VSNTDS26"
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260521",
"category": "malicious",
"result": "generic.ml"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260521",
"category": "malicious",
"result": "Backdoor.Win32.Androm.wcxl"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "malicious",
"result": "Backdoor:Win64/Kimsuky.513a4c41"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.Win.Z.Tedy.237568.C"
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260521",
"category": "malicious",
"result": "Backdoor.Androm!8.113 (CLOUD)"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Mal/Generic-S"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.TR/W32.Kimsuky.AJ"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5605",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260521",
"category": "malicious",
"result": "TROJ_FRS.VSNTDS26"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14532",
"engine_update": "20260521",
"category": "malicious",
"result": "ti!784D9273C75E"
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "malicious",
"result": "Static AI - Suspicious PE"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "malicious",
"result": "malicious.moderate.ml.score"
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260521",
"category": "malicious",
"result": "Gen:Variant.Tedy.848315 (B)"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.Win64.Kimsuky"
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44620AVA:64.31282",
"engine_update": "20260521",
"category": "malicious",
"result": "Gen:Variant.Tedy.848315"
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "malicious",
"result": "W32.Malware.gen"
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1779350543",
"engine_update": "20260521",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260521",
"category": "malicious",
"result": "TR/W32.Kimsuky.AJ"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260521",
"category": "malicious",
"result": "W64/ABTrojan.YTXW-6237"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan[Backdoor]/Win32.Androm"
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.245.174",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.Win64.Agent.sa"
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38664",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.Tedy.DCF1BB"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260519",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.24-114821029",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan:Win32/Qwexlafiba!rfn"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260521",
"category": "malicious",
"result": "Malicious (score: 100)"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260521",
"category": "malicious",
"result": "Backdoor/Win.Agent.R719112"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-05-21.02",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan/W64.Agent.237568.K"
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260516",
"category": "malicious",
"result": "MALICIOUS"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260521",
"category": "malicious",
"result": "Malware.AI.665580343"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260521",
"category": "malicious",
"result": "Malware.Win32.Gencirc.14ada8b4"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260520",
"category": "malicious",
"result": "Artemis!A581FDEA0970"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "f636d97:f636d97:c5be5fe:c5be5fe",
"engine_update": "20260520",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260521",
"category": "malicious",
"result": "Trojan.Malware.326501924.susgen"
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260521",
"category": "malicious",
"result": "W32/PossibleThreat"
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260515",
"category": "malicious",
"result": "Win32:Kimsuky-AJ [Trj]"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260515",
"category": "malicious",
"result": "Win32:Kimsuky-AJ [Trj]"
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Backdoor:Win/Kimsuky.BO"
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260520",
"category": "type-unsupported",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260521-00",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
}
},
"type_tag": "pedll",
"type_description": "Win32 DLL",
"tlsh": "T18A349E8577A40CF9EC7BC279C8678661E67278010B24DA9F03A0077A9F2F7E1563DB61",
"filecondis": {
"dhash": "787c3c3c2c150400",
"raw_md5": "6368c8d67b8edb2b625a4ce2d0b2f169"
},
"creation_date": 1760488524,
"times_submitted": 1,
"last_modification_date": 1779363566,
"vhash": "125076655d155515155095z80066hz10101041z21z56z1",
"names": [
"br50eefk.exe"
],
"first_submission_date": 1777335493,
"sha256": "784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5",
"detectiteasy": {
"filetype": "PE64",
"values": [
{
"info": "LTCG/C++",
"version": "19.31.31104",
"type": "Compiler",
"name": "Microsoft Visual C/C++"
},
{
"version": "14.31.31104",
"type": "Linker",
"name": "Microsoft Linker"
},
{
"version": "2022 version 17.1",
"type": "Tool",
"name": "Visual Studio"
}
]
},
"size": 237568,
"popular_threat_classification": {
"popular_threat_name": [
{
"count": 10,
"value": "kimsuky"
},
{
"count": 7,
"value": "tedy"
},
{
"count": 3,
"value": "androm"
}
],
"popular_threat_category": [
{
"count": 24,
"value": "trojan"
},
{
"count": 2,
"value": "pua"
}
],
"suggested_threat_label": "trojan.kimsuky/tedy"
},
"last_analysis_stats": {
"malicious": 53,
"suspicious": 0,
"undetected": 18,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 0,
"type-unsupported": 4
},
"type_extension": "dll"
}
}
}