kdmapper.exe
Sign up
Create your account
Actionable Threat Intelligence
Maltiverse © 2025
- Filename:
- kdmapper.exe
- md5:
- 645d23428130a53dc68230455ee1ea09
- sha1:
- 6344779007122187eb8c5d30110aaa52f11e32f9
- sha256:
- f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e
- Filetype:
- PE32+ executable (console) x86-64, for MS Windows
- Size (Bytes):
- 139776
- Classification:
- malicious
- Indexed:
- Mon Mar 03 2025 16:39:39 GMT+0000 (5 months ago)
- Last modified:
- Tue Mar 04 2025 07:34:38 GMT+0000 (5 months ago)
Sample information
45
Antivirus detections0
IDS alerts1
Processes0
Http events0
Contacted hosts0
DNS Requests
4.2
Score
Current activity of this Sample
Blacklist timeline
First seen: Mon Mar 03 2025 16:49:05 GMT+0000
Last seen: Mon Mar 03 2025 17:53:16 GMT+0000
Period: an hour
Last seen: Mon Mar 03 2025 17:53:16 GMT+0000
Period: an hour
Hashes
In depth details
Dates
Developers can check API Specification here:
Request:
curl -H "Authorization: Bearer <API_KEY>" https://api.maltiverse.com/sample/f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e
Request:
Alternatively you can use Maltiverse Python3 Library:
import requests
import json
url = 'https://api.maltiverse.com/sample/f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e'
response = requests.get(url)
print(json.dumps(response.json(), indent=4, sort_keys=True))
Request:
$url = 'https://api.maltiverse.com/sample/f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e'
$headers = @{Authorization=("Bearer {0}" -f "<API_KEY>")}
$response = Invoke-RestMethod $url -Headers $headers
Write-Output $response
Response:
{
"antivirus": [
{
"description": "Gen:Variant.Tedy.655526",
"name": "ALYac"
},
{
"description": "Malicious",
"name": "APEX"
},
{
"description": "Win64:HacktoolX-gen [Trj]",
"name": "AVG"
},
{
"description": "Trojan/Win.Generic.R646749",
"name": "AhnLab-V3"
},
{
"description": "HackTool/Win32.DriverLoader",
"name": "Antiy-AVL"
},
{
"description": "Trojan.Zusy.D8E7C4",
"name": "Arcabit"
},
{
"description": "Win64:HacktoolX-gen [Trj]",
"name": "Avast"
},
{
"description": "Gen:Variant.Zusy.583620",
"name": "BitDefender"
},
{
"description": "W64.AIDetectMalware",
"name": "Bkav"
},
{
"description": "HackTool.GameHack.S34932905",
"name": "CAT-QuickHeal"
},
{
"description": "exe.unknown.zusy",
"name": "CTX"
},
{
"description": "Win.Tool.Zusy-10033075-0",
"name": "ClamAV"
},
{
"description": "win/grayware_confidence_90% (D)",
"name": "CrowdStrike"
},
{
"description": "MALICIOUS",
"name": "DeepInstinct"
},
{
"description": "a variant of Win64/HackTool.GameHack.Q",
"name": "ESET-NOD32"
},
{
"description": "malicious (high confidence)",
"name": "Elastic"
},
{
"description": "Gen:Variant.Zusy.583620 (B)",
"name": "Emsisoft"
},
{
"description": "Gen:Variant.Zusy.583620",
"name": "FireEye"
},
{
"description": "W64/GameHack.Q!tr",
"name": "Fortinet"
},
{
"description": "Gen:Variant.Zusy.583620",
"name": "GData"
},
{
"description": "Detected",
"name": "Google"
},
{
"description": "Trojan.Win64.Krypt",
"name": "Ikarus"
},
{
"description": "Trojan ( 0058ef5b1 )",
"name": "K7AntiVirus"
},
{
"description": "Trojan ( 0058ef5b1 )",
"name": "K7GW"
},
{
"description": "HEUR:HackTool.Win32.DriverLoader.gen",
"name": "Kaspersky"
},
{
"description": "Trojan.Downloader",
"name": "Malwarebytes"
},
{
"description": "Trojan.Malware.300983.susgen",
"name": "MaxSecure"
},
{
"description": "ti!F6F389462C57",
"name": "McAfeeD"
},
{
"description": "Gen:Variant.Zusy.583620",
"name": "MicroWorld-eScan"
},
{
"description": "Trojan:Win64/DriverLoader.RDB!MTB",
"name": "Microsoft"
},
{
"description": "Trj/GdSda.A",
"name": "Panda"
},
{
"description": "Trojan.DriverLoader!8.18C1C (TFE:5:E9vYeESLItQ)",
"name": "Rising"
},
{
"description": "Suspicious.Win32.Save.a",
"name": "Sangfor"
},
{
"description": "Static AI - Malicious PE",
"name": "SentinelOne"
},
{
"description": "BehavesLike.Win64.Downloader.ch",
"name": "Skyhigh"
},
{
"description": "ATK/Kdmapper-A",
"name": "Sophos"
},
{
"description": "ML.Attribute.HighConfidence",
"name": "Symantec"
},
{
"description": "Malware.Win32.Gencirc.10c0652d",
"name": "Tencent"
},
{
"description": "Gen:Variant.Tedy.655526",
"name": "VIPRE"
},
{
"description": "W64/Dacic.F.gen!Eldorado",
"name": "Varist"
},
{
"description": "HackTool.Win64.Genus.GAM",
"name": "VirIT"
},
{
"description": "Win.Malware.Gen",
"name": "Webroot"
},
{
"description": "Riskware.GameHack!9PX82cmxmMs",
"name": "Yandex"
},
{
"description": "Tool.GameHack.Win64.4479",
"name": "Zillya"
},
{
"description": "HackTool/DriverLoader.a",
"name": "huorong"
}
],
"blacklist": [
{
"count": 1,
"description": "Generic Malware",
"first_seen": "2025-03-03 16:49:05",
"last_seen": "2025-03-03 17:53:16",
"ref": [
1
],
"source": "Hybrid-Analysis"
}
],
"classification": "malicious",
"creation_time": "2025-03-03 16:39:39",
"filename": [
"kdmapper.exe"
],
"filetype": "PE32+ executable (console) x86-64, for MS Windows",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "645d23428130a53dc68230455ee1ea09",
"modification_time": "2025-03-04 07:34:38",
"process_list": [
{
"name": "kdmapper.exe",
"normalizedpath": "C:\\kdmapper.exe",
"sha256": "f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e",
"uid": "00000000-00003652"
}
],
"score": 4.2,
"scoring_executed_time": "2025-03-04 05:11:22",
"sha1": "6344779007122187eb8c5d30110aaa52f11e32f9",
"sha256": "f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e",
"size": 139776,
"type": "sample"
}
Antivirus positives
Process list
- uid
- 00000000-00003652
- commandline
- name
- kdmapper.exe
- normalizedpath
- C:\kdmapper.exe
- sha256
- f6f389462c57122122e1d17e23cf5660a9a20d5076b25626575f86a80f92a36e