bfd66efdcafb9d24ed9f0e2f733b129c
Hash
- MD5: bfd66efdcafb9d24ed9f0e2f733b129c
- SHA1: 352c579544232b5efc90f05f4171b93adb5ad359
- SHA256: 09cc7c879b7facbda5349a8d273f8fac6b9be8c3f9927820bcd04583114564eb
- First Seen: 2026-06-03
- Last Seen: 2026-06-03
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "09cc7c879b7facbda5349a8d273f8fac6b9be8c3f9927820bcd04583114564eb",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/09cc7c879b7facbda5349a8d273f8fac6b9be8c3f9927820bcd04583114564eb"
},
"attributes": {
"times_submitted": 3,
"unique_sources": 2,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"crowdsourced_ids_results": [
{
"rule_category": "Potentially Bad Traffic",
"alert_severity": "low",
"rule_msg": "ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1",
"rule_id": "1:2018358",
"rule_source": "Proofpoint Emerging Threats Open",
"rule_url": "https://rules.emergingthreats.net/",
"rule_raw": "alert http $HOME_NET any -> $EXTERNAL_NET any (msg:\"ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1\"; flow:established,to_server; http.method; content:\"POST\"; http.user_agent; content:\"|20|MSIE|20|\"; nocase; fast_pattern; content:!\"Mozilla/4.0 (compatible|3b 20|MSIE|20|6.0|3b 20|DynGate)\"; content:!\"Windows Live Messenger\"; content:!\"MS Web Services Client Protocol\"; http.host; content:!\"groove.microsoft.com\"; pcre:\"/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/\"; http.request_body; content:!\"grooveDNS|3a|//\"; http.header_names; content:!\"X-Requested-With\"; nocase; content:!\"Accept-Encoding\"; content:!\"Referer\"; classtype:bad-unknown; sid:2018358; rev:11; metadata:created_at 2014_04_04, performance_impact Significant, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_22;)",
"alert_context": [
{
"dest_ip": "206.71.148.38",
"dest_port": 80,
"hostname": "206.71.148.38",
"url": "http://206.71.148.38/board.php"
}
]
}
],
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 37.0
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 28.6
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 11.5
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 11.3
},
{
"file_type": "DOS Executable (generic)",
"probability": 11.3
}
],
"authentihash": "c451a68b50854c4508e3f87c714124e22ba9399cc641e1892540d1febef5b08e",
"sigma_analysis_results": [
{
"rule_level": "medium",
"rule_id": "4725cdcf2dfdd90c3aa0d331fae77d6ac8021c254701744a01444af04e9a0e69",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Rundll32 Internet Connection",
"rule_description": "Detects a rundll32 that communicates with public IP addresses",
"rule_author": "Florian Roth (Nextron Systems)",
"match_context": [
{
"values": {
"SourceIsIpv6": "false",
"DestinationPort": "80",
"DestinationIp": "206.71.148.38",
"Protocol": "tcp",
"SourceIp": "192.168.122.100",
"DestinationIsIpv6": "false",
"EventID": "3",
"Image": "C:\\Windows\\system32\\rundll32.exe",
"SourcePort": "49705",
"Initiated": "true"
}
}
]
}
],
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"pedll"
],
"tlsh": "T111D59E4A67FC80A0DAAAD079CA174E4FD7B1F8510171D78F01689B8FAF77322462B365",
"type_tag": "pedll",
"crowdsourced_ids_stats": {
"high": 0,
"medium": 0,
"low": 1,
"info": 0
},
"vhash": "126076655d7565151550f4z6200b16z230f5zb0600e53z18z4",
"popular_threat_classification": {
"popular_threat_name": [
{
"value": "nukesped",
"count": 8
},
{
"value": "lazarus",
"count": 2
},
{
"value": "usblf426",
"count": 2
}
],
"suggested_threat_label": "trojan.nukesped/lazarus",
"popular_threat_category": [
{
"value": "trojan",
"count": 13
},
{
"value": "dropper",
"count": 1
}
]
},
"type_extension": "dll",
"md5": "bfd66efdcafb9d24ed9f0e2f733b129c",
"names": [
"WaveTest",
"WaveTest.EXE",
"Wave.dat",
"akfdsup.exe"
],
"sigma_analysis_stats": {
"critical": 0,
"high": 0,
"medium": 1,
"low": 0
},
"pe_info": {
"timestamp": 1764559580,
"imphash": "f576959c84b33eac80e1605c229ba3f2",
"machine_type": 34404,
"entry_point": 1713380,
"resource_details": [
{
"lang": "KOREAN",
"chi2": 20527.75,
"filetype": "unknown",
"entropy": 3.026951551437378,
"sha256": "fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 18573.42,
"filetype": "unknown",
"entropy": 2.7427444458007812,
"sha256": "f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 25932.0,
"filetype": "unknown",
"entropy": 2.3403780460357666,
"sha256": "652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 25714.24,
"filetype": "unknown",
"entropy": 2.3400356769561768,
"sha256": "0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 23739.37,
"filetype": "unknown",
"entropy": 2.5164902210235596,
"sha256": "368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 24244.72,
"filetype": "unknown",
"entropy": 2.4540092945098877,
"sha256": "6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 26429.05,
"filetype": "unknown",
"entropy": 2.348637342453003,
"sha256": "9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 26435.7,
"filetype": "unknown",
"entropy": 2.345054864883423,
"sha256": "322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 26429.05,
"filetype": "unknown",
"entropy": 2.348637342453003,
"sha256": "8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 26837.98,
"filetype": "unknown",
"entropy": 2.3111374378204346,
"sha256": "f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 16714.33,
"filetype": "unknown",
"entropy": 3.3360934257507324,
"sha256": "601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 20248.46,
"filetype": "unknown",
"entropy": 2.8131332397460938,
"sha256": "2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 11233.61,
"filetype": "unknown",
"entropy": 3.8149096965789795,
"sha256": "cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 30412.0,
"filetype": "unknown",
"entropy": 2.1001555919647217,
"sha256": "c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 31043.69,
"filetype": "unknown",
"entropy": 1.9705222845077515,
"sha256": "f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 28832.78,
"filetype": "unknown",
"entropy": 2.2269911766052246,
"sha256": "ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c",
"type": "RT_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 15874.44,
"filetype": "unknown",
"entropy": 2.236664295196533,
"sha256": "e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272",
"type": "RT_BITMAP"
},
{
"lang": "KOREAN",
"chi2": 15870.37,
"filetype": "unknown",
"entropy": 2.876206636428833,
"sha256": "abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864",
"type": "RT_BITMAP"
},
{
"lang": "KOREAN",
"chi2": 47569.81,
"filetype": "unknown",
"entropy": 2.8239495754241943,
"sha256": "4b42002e026584d79a8700d247397e8b39d79744fa6dabdfde9d2ab80ae7e238",
"type": "RT_ICON"
},
{
"lang": "KOREAN",
"chi2": 26769.08,
"filetype": "unknown",
"entropy": 2.5584399700164795,
"sha256": "ffd9b48eeb36e492268056fa57ec0106406baf928a35afecd3af7a7e9c5fa2b5",
"type": "RT_ICON"
},
{
"lang": "KOREAN",
"chi2": 54967.66,
"filetype": "unknown",
"entropy": 2.402796745300293,
"sha256": "c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d",
"type": "RT_ICON"
},
{
"lang": "KOREAN",
"chi2": 21908.54,
"filetype": "unknown",
"entropy": 2.688976764678955,
"sha256": "3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9",
"type": "RT_ICON"
},
{
"lang": "KOREAN",
"chi2": 23514.92,
"filetype": "unknown",
"entropy": 4.12849760055542,
"sha256": "35c607c3ae338bca6a5a2a453643f426b510337c448f6e588e3ad1f75945dbcf",
"type": "RT_MENU"
},
{
"lang": "KOREAN",
"chi2": 16841.41,
"filetype": "unknown",
"entropy": 3.5314180850982666,
"sha256": "87d2140a02fa2465fbcc19d22b09ecfb18a1957fe9071c64e6a9000f1ef7e9a5",
"type": "RT_DIALOG"
},
{
"lang": "KOREAN",
"chi2": 16593.24,
"filetype": "unknown",
"entropy": 3.6956348419189453,
"sha256": "23d2d3138165097bdc35867b83feffa529f52568eebf4d47221ddefc56da10cc",
"type": "RT_DIALOG"
},
{
"lang": "KOREAN",
"chi2": 5156.61,
"filetype": "unknown",
"entropy": 2.378230094909668,
"sha256": "523ea50fc15e3aefdca6352a217c8553ff9a0f7841676e8a1efd90310ce5beb6",
"type": "RT_DIALOG"
},
{
"lang": "KOREAN",
"chi2": 13296.47,
"filetype": "unknown",
"entropy": 2.441452980041504,
"sha256": "c4b7cb7b04af6846883ae910e20b050bab0f2cb1cad1e5d038645f5d1ef9cc50",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 7509.84,
"filetype": "unknown",
"entropy": 1.6979262828826904,
"sha256": "a9897cc3ec817a18221e5a52094bab300625f5123f83302d2be3de891e7fdc2a",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4591.09,
"filetype": "unknown",
"entropy": 4.522435188293457,
"sha256": "a12839a81b35a563ec08d80f2cd0b49a6da97bdaf5e3077ab1a3e59cf39b2968",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 5824.0,
"filetype": "unknown",
"entropy": 3.884183645248413,
"sha256": "ad0c1da35eec6bbe369bee202f7371c1b0c3ae82fe606e58d074bc4e43f05b88",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4783.62,
"filetype": "unknown",
"entropy": 5.434944152832031,
"sha256": "32d7017020b8a708b5db7ecadce9151eec8b2dc5636bb69e7acb0d8c7013daa4",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4922.12,
"filetype": "unknown",
"entropy": 2.968111515045166,
"sha256": "67fb641029c88648662a7ffaeb69d062b56fefd7a51ac0b0263bb0b63b1eb4ac",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4238.86,
"filetype": "unknown",
"entropy": 4.561519622802734,
"sha256": "fbe5eb5cef8cd79cfe7e6ef83b6d8466a36e177547e372ef1e1b9e495cf09a0d",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4241.76,
"filetype": "unknown",
"entropy": 3.489252805709839,
"sha256": "69d6593787ea1a5d4dbbc6802710d914ee0fcb5950b7b306911652e4d97a6c82",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 7551.49,
"filetype": "unknown",
"entropy": 2.2685282230377197,
"sha256": "6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 3894.06,
"filetype": "unknown",
"entropy": 4.929715156555176,
"sha256": "8b2c8443d9887369f6f6edaed33241bff1352b0fee9293bdeb15026c46975537",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 3816.0,
"filetype": "unknown",
"entropy": 3.861201286315918,
"sha256": "a3c1522cdd6125db88b79f59265279d478ba24c4c350ff7ce30a4f6acf1139ab",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4277.54,
"filetype": "unknown",
"entropy": 3.9918839931488037,
"sha256": "38cdc5db01bfa8c0a925fced033c038f59ac7a2cfc59ced44b4d51397a85b905",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 6866.0,
"filetype": "unknown",
"entropy": 1.4904119968414307,
"sha256": "9d668cb78530e68516738bc73d302d3b69e7a700d3baee2bf4e9c93a63b0a16c",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4254.62,
"filetype": "unknown",
"entropy": 4.761507034301758,
"sha256": "0f16e6c11184413f3922e98b69681fbd29dd040b0ba6b0a8839fd6df96b0d277",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 9405.8,
"filetype": "unknown",
"entropy": 5.437719821929932,
"sha256": "71f7eeb9bf07b44138aaad401d8fdffdf165f85e1909e784c3b54293708d006c",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 6194.57,
"filetype": "unknown",
"entropy": 4.851254463195801,
"sha256": "c1035df0e4769a67e3cf308b5078df240b9fb6c84015ef6f6fd682eb884bdd2b",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 7908.38,
"filetype": "unknown",
"entropy": 5.081751346588135,
"sha256": "32e213e8329f50c0bcd8f32d8de1dce6756c7924e43c01d1bcab0699150b60c0",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 5183.38,
"filetype": "unknown",
"entropy": 3.882098913192749,
"sha256": "6abc7355a652ed8ea1a3fccb557ab0f69e8dbddb4f5b3f283006516e710b98a0",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4605.05,
"filetype": "unknown",
"entropy": 3.7045280933380127,
"sha256": "7819d5bf81739cb8991c17318c39847f47551e3aaba53dc4de61df2dcb58cb8a",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 4315.64,
"filetype": "unknown",
"entropy": 4.548914432525635,
"sha256": "e584eaa1fd8fa6dd4f2223e1a8e27b42c9257a389f19eafa895d8922ea4aa124",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 11055.2,
"filetype": "unknown",
"entropy": 5.242377758026123,
"sha256": "a2c6bcfbeff5214fb3ec4b1291fc5ea3f304b69b29dd5ebd61d0c75a9bcd26af",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 6734.06,
"filetype": "unknown",
"entropy": 4.927366256713867,
"sha256": "b2f0dc1047423fd7ec797ee0f115651b67dd9167e6ec4c71d0e3bfa04d373b09",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 6833.33,
"filetype": "unknown",
"entropy": 0.9038115739822388,
"sha256": "5baef1f597537259bdf637d8f645938bdf0ad52d4cd09fa576646e0b9269b206",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 9587.76,
"filetype": "unknown",
"entropy": 5.245639801025391,
"sha256": "90a4a0deb80e1ff775ecdc183e4c3d730f4db63c1c4aaaca1e06d7781dbd8f7c",
"type": "RT_STRING"
},
{
"lang": "KOREAN",
"chi2": 7497.23,
"filetype": "unknown",
"entropy": 2.9342329502105713,
"sha256": "eaa5785120c673fbbb7d773828d53966fa2ebc224de9c3ed3ec6a046c2f962e6",
"type": "RT_ACCELERATOR"
},
{
"lang": "KOREAN",
"chi2": 2977.76,
"filetype": "unknown",
"entropy": 2.254513740539551,
"sha256": "bb88f756ae5fa20409bbc7bc8e0bd3a7d04838dee9eb76559d5927350604d196",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "8a495f17bc472bfc5e6923d9efa687848fac027ad60694f9c3f10a4f7b194924",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "28b8110695851e5280ff55cb78507b03e8b74dd370b8e122179c82b56f7e5f37",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "9c17b4621412d6ded24a76aed74d4425ae61f86b6d4092ca1e28ca66b7c71399",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "ec26c438d10e3e84ec855c47f07a176e6c11bbfae1557d526490711b80f087fe",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "a2f0549cca7170ae03ba042464efe62365fba38c20049e439871c9e5ce0f914f",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 1797.6,
"filetype": "unknown",
"entropy": 2.0192408561706543,
"sha256": "b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "KOREAN",
"chi2": 2345.29,
"filetype": "ICO",
"entropy": 2.370859146118164,
"sha256": "b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b",
"type": "RT_GROUP_ICON"
},
{
"lang": "KOREAN",
"chi2": 2285.06,
"filetype": "ICO",
"entropy": 2.477025032043457,
"sha256": "cd07dc2185fca682e34141b058a2b4794bfde621a0e355e6e7080686a8c78750",
"type": "RT_GROUP_ICON"
},
{
"lang": "KOREAN",
"chi2": 59481.93,
"filetype": "unknown",
"entropy": 3.522437334060669,
"sha256": "7843963e135d008635cc844a875b7db00bc062cf74ccecba8a8ee2476d3b5599",
"type": "RT_VERSION"
},
{
"lang": "ENGLISH US",
"chi2": 5126.04,
"filetype": "unknown",
"entropy": 5.043781757354736,
"sha256": "59ba97d56a01766792386c3b379946bb613c8921e3daf8a878855a268ad5e4aa",
"type": "RT_MANIFEST"
}
],
"resource_langs": {
"KOREAN": 69,
"ENGLISH US": 1
},
"resource_types": {
"RT_DIALOG": 3,
"RT_GROUP_CURSOR": 15,
"RT_ICON": 4,
"RT_MANIFEST": 1,
"RT_STRING": 24,
"RT_MENU": 1,
"RT_ACCELERATOR": 1,
"RT_BITMAP": 2,
"RT_CURSOR": 16,
"RT_VERSION": 1,
"RT_GROUP_ICON": 2
},
"sections": [
{
"name": ".text",
"chi2": 13949165.0,
"virtual_address": 4096,
"flags": "rx",
"raw_size": 1888768,
"entropy": 6.38,
"virtual_size": 1888768,
"md5": "5db1f77591505e9ac8672b752b78efcb"
},
{
"name": ".rdata",
"chi2": 29452892.0,
"virtual_address": 1896448,
"flags": "r",
"raw_size": 545792,
"entropy": 4.66,
"virtual_size": 545686,
"md5": "ea6b66797ab986554a24d7447eac029f"
},
{
"name": ".data",
"chi2": 413141.75,
"virtual_address": 2445312,
"flags": "rw",
"raw_size": 216064,
"entropy": 7.37,
"virtual_size": 246036,
"md5": "d4b5030296d4a7196e020a2b3f56fa4a"
},
{
"name": ".pdata",
"chi2": 1711054.38,
"virtual_address": 2695168,
"flags": "r",
"raw_size": 89600,
"entropy": 6.08,
"virtual_size": 89496,
"md5": "77a9cb27348ce1ebad0fa5b10d19b9a6"
},
{
"name": "_RDATA",
"chi2": 85160.0,
"virtual_address": 2785280,
"flags": "r",
"raw_size": 512,
"entropy": 1.43,
"virtual_size": 148,
"md5": "c88c4aeaada0392e6162818428bd391a"
},
{
"name": ".rsrc",
"chi2": 1073196.5,
"virtual_address": 2789376,
"flags": "r",
"raw_size": 20480,
"entropy": 4.5,
"virtual_size": 20288,
"md5": "06dca5e5e9dd2c7e1ca673ed180d31c1"
},
{
"name": ".reloc",
"chi2": 335884.94,
"virtual_address": 2809856,
"flags": "r",
"raw_size": 61952,
"entropy": 5.44,
"virtual_size": 61948,
"md5": "cf3e76a4faa9d3604e128b767f26236e"
}
],
"exports": [
"??0CDimensionException@@QEAA@XZ",
"??4CDimensionException@@QEAAAEAU0@$$QEAU0@@Z",
"??4CDimensionException@@QEAAAEAU0@AEBU0@@Z",
"DllInitClassOBJ"
],
"compiler_product_versions": [
"[---] Unmarked objects count=792",
"[C++] VS2019 v16.7.1 build 29111 count=5",
"[EXP] VS2019 v16.7.1 build 29111 count=1",
"[RES] VS2019 v16.7.1 build 29111 count=1",
"[---] Resource count=1",
"[LNK] VS2019 v16.7.1 build 29111 count=1",
"id: 0x103, version: 27412 count=15",
"id: 0x104, version: 27412 count=31",
"id: 0x105, version: 27412 count=206",
"id: 0x106, version: 27412 count=3",
"id: 0x101, version: 27412 count=33",
"id: 0x104, version: 28920 count=16",
"id: 0x103, version: 28920 count=10",
"id: 0x105, version: 28920 count=354"
],
"rich_pe_header_hash": "167dfa36668b826f62465b2703f8b086",
"import_list": [
{
"library_name": "KERNEL32.dll",
"imported_functions": [
"ActivateActCtx",
"CloseHandle",
"CompareStringA",
"CompareStringW",
"CopyFileA",
"CreateActCtxW",
"CreateEventW",
"CreateFileA",
"CreateFileW",
"CreateThread",
"DeactivateActCtx",
"DecodePointer",
"DeleteCriticalSection",
"DeleteFileA",
"DuplicateHandle",
"EncodePointer",
"EnterCriticalSection",
"ExitProcess",
"ExitThread",
"FileTimeToLocalFileTime",
"FileTimeToSystemTime",
"FindActCtxSectionStringW",
"FindClose",
"FindFirstFileA",
"FindFirstFileExW",
"FindNextFileW",
"FindResourceA",
"FindResourceExW",
"FindResourceW",
"FlushFileBuffers",
"FormatMessageA",
"FreeEnvironmentStringsW",
"FreeLibrary",
"FreeLibraryAndExitThread",
"GetACP",
"GetCommandLineA",
"GetCommandLineW",
"GetConsoleMode",
"GetConsoleOutputCP",
"GetCPInfo",
"GetCurrentDirectoryA",
"GetCurrentProcess",
"GetCurrentProcessId",
"GetCurrentThread",
"GetCurrentThreadId",
"GetDiskFreeSpaceA",
"GetEnvironmentStringsW",
"GetFileAttributesA",
"GetFileAttributesExA",
"GetFileSize",
"GetFileSizeEx",
"GetFileTime",
"GetFileType",
"GetFullPathNameA",
"GetLastError",
"GetLocaleInfoW",
"GetModuleFileNameA",
"GetModuleFileNameW",
"GetModuleHandleA",
"GetModuleHandleExW",
"GetModuleHandleW",
"GetOEMCP",
"GetPrivateProfileIntA",
"GetPrivateProfileStringA",
"GetProcAddress",
"GetProcessHeap",
"GetProfileIntA",
"GetShortPathNameA",
"GetStartupInfoW",
"GetStdHandle",
"GetStringTypeExA",
"GetStringTypeW",
"GetSystemDefaultUILanguage",
"GetSystemDirectoryW",
"GetSystemInfo",
"GetSystemTimeAsFileTime",
"GetTempFileNameA",
"GetTempPathA",
"GetThreadLocale",
"GetTickCount",
"GetTimeZoneInformation",
"GetUserDefaultUILanguage",
"GetVersionExA",
"GetVolumeInformationA",
"GetWindowsDirectoryA",
"GlobalAddAtomA",
"GlobalAlloc",
"GlobalDeleteAtom",
"GlobalFindAtomA",
"GlobalFlags",
"GlobalFree",
"GlobalGetAtomNameA",
"GlobalHandle",
"GlobalLock",
"GlobalReAlloc",
"GlobalSize",
"GlobalUnlock",
"HeapAlloc",
"HeapFree",
"HeapQueryInformation",
"HeapReAlloc",
"HeapSize",
"InitializeCriticalSection",
"InitializeCriticalSectionAndSpinCount",
"InitializeCriticalSectionEx",
"InitializeSListHead",
"InterlockedFlushSList",
"IsBadReadPtr",
"IsDebuggerPresent",
"IsProcessorFeaturePresent",
"IsValidCodePage",
"LCMapStringW",
"LeaveCriticalSection",
"LoadLibraryA",
"LoadLibraryExA",
"LoadLibraryExW",
"LoadLibraryW",
"LoadResource",
"LocalAlloc",
"LocalFileTimeToFileTime",
"LocalFree",
"LocalReAlloc",
"LockFile",
"LockResource",
"lstrcmpA",
"lstrcmpiA",
"lstrcmpW",
"lstrcpyA",
"MoveFileA",
"MulDiv",
"MultiByteToWideChar",
"OutputDebugStringA",
"OutputDebugStringW",
"QueryActCtxW",
"QueryPerformanceCounter",
"QueryPerformanceFrequency",
"RaiseException",
"ReadFile",
"ReplaceFileA",
"ResumeThread",
"RtlCaptureContext",
"RtlLookupFunctionEntry",
"RtlPcToFileHeader",
"RtlUnwindEx",
"RtlVirtualUnwind",
"SearchPathA",
"SetEndOfFile",
"SetEnvironmentVariableW",
"SetFilePointer",
"SetFilePointerEx",
"SetFileTime",
"SetLastError",
"SetStdHandle",
"SetThreadPriority",
"SetUnhandledExceptionFilter",
"SizeofResource",
"Sleep",
"SystemTimeToFileTime",
"SystemTimeToTzSpecificLocalTime",
"TerminateProcess",
"TlsAlloc",
"TlsFree",
"TlsGetValue",
"TlsSetValue",
"UnhandledExceptionFilter",
"UnlockFile",
"VerifyVersionInfoA",
"VerSetConditionMask",
"VirtualAlloc",
"VirtualFree",
"VirtualProtect",
"VirtualQuery",
"WaitForSingleObject",
"WideCharToMultiByte",
"WriteConsoleW",
"WriteFile",
"WritePrivateProfileStringA"
]
},
{
"library_name": "USER32.dll",
"imported_functions": [
"AdjustWindowRectEx",
"AppendMenuA",
"BeginDeferWindowPos",
"BeginPaint",
"BringWindowToTop",
"CallNextHookEx",
"CallWindowProcA",
"CharNextA",
"CharUpperA",
"CharUpperBuffA",
"CheckDlgButton",
"CheckMenuItem",
"ClientToScreen",
"CloseClipboard",
"CopyAcceleratorTableA",
"CopyIcon",
"CopyImage",
"CopyRect",
"CreateAcceleratorTableA",
"CreateDialogIndirectParamA",
"CreateMenu",
"CreatePopupMenu",
"CreateWindowExA",
"DeferWindowPos",
"DefFrameProcA",
"DefMDIChildProcA",
"DefWindowProcA",
"DeleteMenu",
"DestroyAcceleratorTable",
"DestroyCursor",
"DestroyIcon",
"DestroyMenu",
"DestroyWindow",
"DispatchMessageA",
"DrawEdge",
"DrawFocusRect",
"DrawFrameControl",
"DrawIcon",
"DrawIconEx",
"DrawMenuBar",
"DrawStateA",
"DrawTextA",
"DrawTextExA",
"EmptyClipboard",
"EnableMenuItem",
"EnableScrollBar",
"EnableWindow",
"EndDeferWindowPos",
"EndDialog",
"EndPaint",
"EnumDisplayMonitors",
"EqualRect",
"FillRect",
"FrameRect",
"GetActiveWindow",
"GetAsyncKeyState",
"GetCapture",
"GetClassInfoA",
"GetClassInfoExA",
"GetClassLongA",
"GetClassLongPtrA",
"GetClassNameA",
"GetClientRect",
"GetComboBoxInfo",
"GetCursorPos",
"GetDC",
"GetDesktopWindow",
"GetDlgCtrlID",
"GetDlgItem",
"GetDoubleClickTime",
"GetFocus",
"GetForegroundWindow",
"GetIconInfo",
"GetKeyboardLayout",
"GetKeyboardState",
"GetKeyNameTextA",
"GetKeyState",
"GetLastActivePopup",
"GetMenu",
"GetMenuCheckMarkDimensions",
"GetMenuDefaultItem",
"GetMenuItemCount",
"GetMenuItemID",
"GetMenuItemInfoA",
"GetMenuState",
"GetMenuStringA",
"GetMessageA",
"GetMessagePos",
"GetMessageTime",
"GetMonitorInfoA",
"GetNextDlgGroupItem",
"GetNextDlgTabItem",
"GetParent",
"GetPropA",
"GetScrollInfo",
"GetScrollPos",
"GetScrollRange",
"GetSubMenu",
"GetSysColor",
"GetSysColorBrush",
"GetSystemMenu",
"GetSystemMetrics",
"GetTopWindow",
"GetUpdateRect",
"GetWindow",
"GetWindowDC",
"GetWindowLongA",
"GetWindowLongPtrA",
"GetWindowPlacement",
"GetWindowRect",
"GetWindowRgn",
"GetWindowTextA",
"GetWindowTextLengthA",
"GetWindowThreadProcessId",
"GrayStringA",
"HideCaret",
"InflateRect",
"InsertMenuA",
"InsertMenuItemA",
"IntersectRect",
"InvalidateRect",
"InvalidateRgn",
"InvertRect",
"IsCharLowerA",
"IsChild",
"IsClipboardFormatAvailable",
"IsDialogMessageA",
"IsIconic",
"IsMenu",
"IsRectEmpty",
"IsWindow",
"IsWindowEnabled",
"IsWindowVisible",
"IsZoomed",
"KillTimer",
"LoadAcceleratorsA",
"LoadAcceleratorsW",
"LoadBitmapW",
"LoadCursorA",
"LoadCursorW",
"LoadIconA",
"LoadIconW",
"LoadImageA",
"LoadImageW",
"LoadMenuA",
"LoadMenuW",
"LockWindowUpdate",
"MapDialogRect",
"MapVirtualKeyA",
"MapVirtualKeyExA",
"MapWindowPoints",
"MessageBeep",
"MessageBoxA",
"ModifyMenuA",
"MonitorFromPoint",
"MonitorFromWindow",
"MoveWindow",
"NotifyWinEvent",
"OffsetRect",
"OpenClipboard",
"PeekMessageA",
"PostMessageA",
"PostQuitMessage",
"PostThreadMessageA",
"PtInRect",
"RealChildWindowFromPoint",
"RedrawWindow",
"RegisterClassA",
"RegisterClipboardFormatA",
"RegisterWindowMessageA",
"ReleaseCapture",
"ReleaseDC",
"RemoveMenu",
"RemovePropA",
"ReuseDDElParam",
"ScreenToClient",
"ScrollWindow",
"SendDlgItemMessageA",
"SendMessageA",
"SetActiveWindow",
"SetCapture",
"SetClassLongPtrA",
"SetClipboardData",
"SetCursor",
"SetCursorPos",
"SetFocus",
"SetForegroundWindow",
"SetLayeredWindowAttributes",
"SetMenu",
"SetMenuDefaultItem",
"SetMenuItemBitmaps",
"SetMenuItemInfoA",
"SetParent",
"SetPropA",
"SetRect",
"SetRectEmpty",
"SetScrollInfo",
"SetScrollPos",
"SetScrollRange",
"SetTimer",
"SetWindowContextHelpId",
"SetWindowLongA",
"SetWindowLongPtrA",
"SetWindowPlacement",
"SetWindowPos",
"SetWindowRgn",
"SetWindowsHookExA",
"SetWindowTextA",
"ShowOwnedPopups",
"ShowScrollBar",
"ShowWindow",
"SubtractRect",
"SystemParametersInfoA",
"TabbedTextOutA",
"ToAsciiEx",
"TrackMouseEvent",
"TrackPopupMenu",
"TranslateAcceleratorA",
"TranslateMDISysAccel",
"TranslateMessage",
"UnhookWindowsHookEx",
"UnionRect",
"UnpackDDElParam",
"UpdateLayeredWindow",
"UpdateWindow",
"ValidateRect",
"WaitMessage",
"WindowFromPoint",
"WinHelpA"
]
},
{
"library_name": "GDI32.dll",
"imported_functions": [
"BitBlt",
"CombineRgn",
"CopyMetaFileA",
"CreateBitmap",
"CreateCompatibleBitmap",
"CreateCompatibleDC",
"CreateDCA",
"CreateDIBitmap",
"CreateDIBSection",
"CreateEllipticRgn",
"CreateFontIndirectA",
"CreateHatchBrush",
"CreatePalette",
"CreatePatternBrush",
"CreatePen",
"CreatePolygonRgn",
"CreateRectRgn",
"CreateRectRgnIndirect",
"CreateRoundRectRgn",
"CreateSolidBrush",
"DeleteDC",
"DeleteObject",
"DPtoLP",
"Ellipse",
"EnumFontFamiliesA",
"EnumFontFamiliesExA",
"Escape",
"ExcludeClipRect",
"ExtFloodFill",
"ExtSelectClipRgn",
"ExtTextOutA",
"FillRgn",
"FrameRgn",
"GetBkColor",
"GetBoundsRect",
"GetClipBox",
"GetDeviceCaps",
"GetLayout",
"GetMapMode",
"GetNearestPaletteIndex",
"GetObjectA",
"GetObjectType",
"GetPaletteEntries",
"GetPixel",
"GetRgnBox",
"GetStockObject",
"GetSystemPaletteEntries",
"GetTextCharsetInfo",
"GetTextColor",
"GetTextExtentPoint32A",
"GetTextFaceA",
"GetTextMetricsA",
"GetViewportExtEx",
"GetViewportOrgEx",
"GetWindowExtEx",
"GetWindowOrgEx",
"IntersectClipRect",
"LineTo",
"LPtoDP",
"MoveToEx",
"OffsetRgn",
"OffsetViewportOrgEx",
"OffsetWindowOrgEx",
"PatBlt",
"Polygon",
"Polyline",
"PtInRegion",
"PtVisible",
"RealizePalette",
"Rectangle",
"RectVisible",
"RestoreDC",
"RoundRect",
"SaveDC",
"ScaleViewportExtEx",
"ScaleWindowExtEx",
"SelectClipRgn",
"SelectObject",
"SelectPalette",
"SetBkColor",
"SetBkMode",
"SetDIBColorTable",
"SetLayout",
"SetMapMode",
"SetPaletteEntries",
"SetPixel",
"SetPixelV",
"SetPolyFillMode",
"SetRectRgn",
"SetROP2",
"SetTextAlign",
"SetTextColor",
"SetViewportExtEx",
"SetViewportOrgEx",
"SetWindowExtEx",
"SetWindowOrgEx",
"StretchBlt",
"TextOutA"
]
},
{
"library_name": "MSIMG32.dll",
"imported_functions": [
"AlphaBlend",
"TransparentBlt"
]
},
{
"library_name": "WINSPOOL.DRV",
"imported_functions": [
"ClosePrinter",
"DocumentPropertiesA",
"OpenPrinterA"
]
},
{
"library_name": "ADVAPI32.dll",
"imported_functions": [
"GetFileSecurityA",
"RegCloseKey",
"RegCreateKeyExA",
"RegDeleteKeyA",
"RegDeleteValueA",
"RegEnumKeyA",
"RegEnumKeyExA",
"RegEnumValueA",
"RegOpenKeyExA",
"RegOpenKeyExW",
"RegQueryValueA",
"RegQueryValueExA",
"RegSetValueA",
"RegSetValueExA",
"SetFileSecurityA"
]
},
{
"library_name": "SHELL32.dll",
"imported_functions": [
"DragFinish",
"DragQueryFileA",
"ExtractIconA",
"SHAddToRecentDocs",
"SHAppBarMessage",
"SHBrowseForFolderA",
"ShellExecuteA",
"SHGetDesktopFolder",
"SHGetFileInfoA",
"SHGetPathFromIDListA",
"SHGetSpecialFolderLocation"
]
},
{
"library_name": "SHLWAPI.dll",
"imported_functions": [
"PathFindExtensionA",
"PathFindFileNameA",
"PathIsUNCA",
"PathRemoveFileSpecW",
"PathStripToRootA",
"StrFormatKBSizeA"
]
},
{
"library_name": "UxTheme.dll",
"imported_functions": [
"CloseThemeData",
"DrawThemeBackground",
"DrawThemeParentBackground",
"DrawThemeText",
"GetCurrentThemeName",
"GetThemeColor",
"GetThemePartSize",
"GetThemeSysColor",
"GetWindowTheme",
"IsAppThemed",
"IsThemeBackgroundPartiallyTransparent",
"OpenThemeData"
]
},
{
"library_name": "ole32.dll",
"imported_functions": [
"CLSIDFromProgID",
"CLSIDFromString",
"CoCreateGuid",
"CoCreateInstance",
"CoDisconnectObject",
"CoFreeUnusedLibraries",
"CoGetClassObject",
"CoInitialize",
"CoInitializeEx",
"CoLockObjectExternal",
"CoRegisterMessageFilter",
"CoRevokeClassObject",
"CoTaskMemAlloc",
"CoTaskMemFree",
"CoUninitialize",
"CreateILockBytesOnHGlobal",
"CreateStreamOnHGlobal",
"DoDragDrop",
"IsAccelerator",
"OleCreateMenuDescriptor",
"OleDestroyMenuDescriptor",
"OleDuplicateData",
"OleFlushClipboard",
"OleGetClipboard",
"OleInitialize",
"OleIsCurrentClipboard",
"OleLockRunning",
"OleTranslateAccelerator",
"OleUninitialize",
"RegisterDragDrop",
"ReleaseStgMedium",
"RevokeDragDrop",
"StgCreateDocfileOnILockBytes",
"StgOpenStorageOnILockBytes",
"StringFromCLSID"
]
},
{
"library_name": "OLEAUT32.dll",
"imported_functions": [
"LoadTypeLib",
"OleCreateFontIndirect",
"SafeArrayDestroy",
"SysAllocString",
"SysAllocStringByteLen",
"SysAllocStringLen",
"SysFreeString",
"SysStringLen",
"SystemTimeToVariantTime",
"VarBstrFromDate",
"VariantChangeType",
"VariantClear",
"VariantCopy",
"VariantInit",
"VariantTimeToSystemTime"
]
},
{
"library_name": "oledlg.dll",
"imported_functions": [
"Ord(8)"
]
},
{
"library_name": "gdiplus.dll",
"imported_functions": [
"GdipAlloc",
"GdipBitmapLockBits",
"GdipBitmapUnlockBits",
"GdipCloneImage",
"GdipCreateBitmapFromHBITMAP",
"GdipCreateBitmapFromScan0",
"GdipCreateBitmapFromStream",
"GdipCreateFromHDC",
"GdipDeleteGraphics",
"GdipDisposeImage",
"GdipDrawImageI",
"GdipDrawImageRectI",
"GdipFree",
"GdipGetImageGraphicsContext",
"GdipGetImageHeight",
"GdipGetImagePalette",
"GdipGetImagePaletteSize",
"GdipGetImagePixelFormat",
"GdipGetImageWidth",
"GdiplusShutdown",
"GdiplusStartup",
"GdipSetInterpolationMode"
]
},
{
"library_name": "OLEACC.dll",
"imported_functions": [
"AccessibleObjectFromWindow",
"CreateStdAccessibleObject",
"LresultFromObject"
]
},
{
"library_name": "IMM32.dll",
"imported_functions": [
"ImmGetContext",
"ImmGetOpenStatus",
"ImmReleaseContext"
]
},
{
"library_name": "WINMM.dll",
"imported_functions": [
"PlaySoundA"
]
}
]
},
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win32.Nukesped.4!c"
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260603",
"category": "malicious",
"result": "BehavesLike.Win64.Dropper.vh"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.238",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Win64.Nukesped.V4zn"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.55.59713",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan ( 006db1731 )"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.55.59714",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan ( 006db1731 )"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1221",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260604",
"category": "malicious",
"result": "ML.Attribute.HighConfidence"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.264",
"engine_update": "20260603",
"category": "malicious",
"result": "malicious (moderate confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Win64/NukeSped.UW trojan"
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.783",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win32.ZYX.USBLF426"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Win32:Nukesped-HR [Trj]"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260604",
"category": "malicious",
"result": "Malicious (score: 100)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win64.Lazarus.go"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260604",
"category": "malicious",
"result": "Win64.Trojan.Lazarus.Tzfl"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Mal/Generic-S"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.TR/W32.Nukesped.HS"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5614",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Win32.ZYX.USBLF426"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14833",
"engine_update": "20260604",
"category": "malicious",
"result": "ti!09CC7C879B7F"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "undetected",
"result": null
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260604",
"category": "malicious",
"result": "dll.trojan.nukesped"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "undetected",
"result": null
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1780570866",
"engine_update": "20260604",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260604",
"category": "malicious",
"result": "TR/W32.Nukesped.HS"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.247.174",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38701",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260602",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107283",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44787AVA:64.31362",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260604",
"category": "malicious",
"result": "W64/ABTrojan.LRIM-1103"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-06-04.02",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260604",
"category": "malicious",
"result": "MALICIOUS"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.Loader/x64!1.13FCF (CLASSIC)"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260603",
"category": "malicious",
"result": "Artemis!BFD66EFDCAFB"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "ca9ca35:ca9ca35:cfcc2b7:cfcc2b7",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260604",
"category": "malicious",
"result": "Win32:Nukesped-HR [Trj]"
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Backdoor"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.5.4.0",
"engine_update": "20260604",
"category": "failure",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260604",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260604-02",
"engine_update": "20260604",
"category": "type-unsupported",
"result": null
}
},
"last_modification_date": 1780626770,
"meaningful_name": "WaveTest.EXE",
"size": 2824192,
"sha1": "352c579544232b5efc90f05f4171b93adb5ad359",
"creation_date": 1764559580,
"detectiteasy": {
"filetype": "PE64",
"values": [
{
"info": "C++",
"version": "19.27.29111",
"type": "Compiler",
"name": "Microsoft Visual C/C++"
},
{
"version": "14.27.29111",
"type": "Linker",
"name": "Microsoft Linker"
},
{
"version": "2019 version 16.7-16.8",
"type": "Tool",
"name": "Visual Studio"
}
]
},
"tags": [
"checks-cpu-name",
"long-sleeps",
"checks-user-input",
"detect-debug-environment",
"64bits",
"pedll"
],
"signature_info": {
"file version": "1, 0, 0, 1",
"description": "WaveTest MFC \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8",
"original name": "WaveTest.EXE",
"product": "WaveTest \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8",
"copyright": "Copyright (C) 2001",
"internal name": "WaveTest"
},
"sigma_analysis_summary": {
"Sigma Integrated Rule Set (GitHub)": {
"critical": 0,
"high": 0,
"medium": 1,
"low": 0
}
},
"magic": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"filecondis": {
"dhash": "00343e1e1e1f1504",
"raw_md5": "663e7d294e85fdc3f4d5aa3959f99a26"
},
"sha256": "09cc7c879b7facbda5349a8d273f8fac6b9be8c3f9927820bcd04583114564eb",
"last_submission_date": 1767664132,
"ssdeep": "49152:/JXzM7m0rfBEYlR58+t/apO64KjJL0dsjGTwZzhBTyWRBn6xoms6vPimXdLhKKy0:SWGTwjlBnCsAPiSLhU0",
"type_description": "Win32 DLL",
"magika": "PEBIN",
"first_submission_date": 1767658873,
"reputation": 0,
"last_analysis_stats": {
"malicious": 26,
"suspicious": 0,
"undetected": 44,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 1,
"type-unsupported": 4
},
"last_analysis_date": 1780579500
}
}
}