
Adware.PullUpdate

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 1,978
Threat Level: 20% (Normal)
Infected Computers: 189,347
First Seen: June 28, 2014
Last Seen: February 5, 2026
OS(es) Affected: Windows


File System Details

Adware.PullUpdate may create the following file(s):

#   File Name        MD5                                 Detections
1.  Gambali.dll.vir  7a95e710a72f1f9025036f172fe94ee6    698
2.  Gambali.dll      0a2a7998d6864957a8f782a51fd3a926    37

The .vir suffix on the first entry is the convention sample repositories use to neuter a file so it cannot be launched by accident; match on the MD5, not the file name.

Registry Details

Adware.PullUpdate may create the following registry entries and browser-storage files:

CLSID (COM class registrations of the Internet Explorer component; see FrameworkBHO in the version information below):
{051E9166-B275-4683-907B-372FAE22BC7C}
{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Registry keys (AppDataLow is the part of HKCU that a low-integrity, Protected Mode Internet Explorer process may write, which is where a BHO keeps its settings; the DynConIE.DynConIEObject and .1 keys are the ProgID registrations for the CLSIDs above):
Software\AppDataLow\Software\DynConIE
SOFTWARE\Classes\DynConIE.DynConIEObject
SOFTWARE\Classes\DynConIE.DynConIEObject.1
Software\Microsoft\Internet Explorer\DOMStorage\enikensky.com

File name without path (Chromium-style local-storage SQLite files, http_<host>_0.localstorage plus the SQLite journal; listed here as indicators although they are not registry entries; net-quick.com appears only here and not in the URL list below):
http_enikensky.com_0.localstorage
http_enikensky.com_0.localstorage-journal
http_net-quick.com_0.localstorage
http_net-quick.com_0.localstorage-journal

URLs

Adware.PullUpdate may call the following URLs:

all-czech.com/search
blankpage1.ru
blankpage2.ru
blankpage3.ru
blankpage4.ru
blankpage5.ru
blankpage6.ru
boostsear.com
enikensky.com
https://search.hr/
mir2sky1.com
newssci.com/
nixunhuan.com
page-ups.com/all
searchboro.com
searchiksa.com
searchpause.com
searchqq.com
searpages.com
simolesr.com
stadsear.com
startpage1.ru
statliru1.ru
thirafileb-uk.ru
ttczmd.com
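The list above mixes bare hostnames, host-plus-path entries and full URLs, so it cannot be dropped into a resolver or proxy blocklist as-is. The following added example (not code from the report) normalises a subset of the entries to hostnames, matches subdomains by suffix so that www.enikensky.com hits enikensky.com while a look-alike such as enikensky.com.example does not, and runs the result over constructed Squid-style log lines. REPORTED_URLS is copied from the list above; SAMPLE_LOG and every function name are this example's own.

```python
"""Turn the report's mixed URL list into a domain blocklist and run it over log lines.

Added example, not code from the original report. REPORTED_URLS copies a subset of the
entries listed above; SAMPLE_LOG is constructed for the demo and is not real traffic.
"""
import re
from urllib.parse import urlsplit

REPORTED_URLS = [
    "all-czech.com/search", "blankpage1.ru", "boostsear.com", "enikensky.com",
    "https://search.hr/", "newssci.com/", "page-ups.com/all", "searchboro.com",
    "searchqq.com", "startpage1.ru", "thirafileb-uk.ru", "ttczmd.com",
]

# Loose hostname pattern used to pull candidate hosts out of free-form log text.
_HOST_RE = re.compile(r"[a-z0-9][a-z0-9.-]*\.[a-z]{2,}")


def to_domain(entry: str) -> str:
    """Reduce one list entry (bare host, host/path or full URL) to a lower-case hostname."""
    if "://" not in entry:
        entry = "http://" + entry          # urlsplit only finds a netloc after a scheme
    host = urlsplit(entry).hostname or ""
    return host.lower().rstrip(".")


def build_blocklist(entries) -> frozenset:
    return frozenset(d for d in map(to_domain, entries) if d)


def host_matches(host: str, blocklist) -> bool:
    """True if host is a listed domain or a subdomain of one. Matching is on the label
    suffix, so enikensky.com.lookalike.example does not match enikensky.com."""
    labels = host.lower().rstrip(".").split(".")
    # Never match on the bare TLD, hence len(labels) - 1.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def find_hits(log_lines, blocklist):
    """Return (line_index, host) for every line that references a blocklisted domain."""
    hits = []
    for idx, line in enumerate(log_lines):
        seen = set()
        for host in _HOST_RE.findall(line.lower()):
            if host not in seen and host_matches(host, blocklist):
                seen.add(host)
                hits.append((idx, host))
    return hits


BLOCKLIST = build_blocklist(REPORTED_URLS)

# Constructed sample log lines (not real traffic): Squid access-log format plus one
# resolver line carrying a look-alike domain that must NOT match.
SAMPLE_LOG = [
    "1423600001.001 10.0.0.12 TCP_MISS/200 GET http://www.enikensky.com/ - DIRECT/203.0.113.7",
    "1423600002.114 10.0.0.12 TCP_MISS/200 GET https://www.example.com/ - DIRECT/198.51.100.9",
    "1423600003.250 10.0.0.31 TCP_MISS/302 GET http://page-ups.com/all?pid=38992 - DIRECT/203.0.113.8",
    "1423600004.300 10.0.0.31 NXDOMAIN query[A] enikensky.com.lookalike.example",
]

if __name__ == "__main__":
    for idx, host in find_hits(SAMPLE_LOG, BLOCKLIST):
        print(f"line {idx}: {host}")
```

The suffix match deliberately stops one label short of the TLD; a blocklist entry that is itself a bare TLD would otherwise match everything.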

Analysis Report

General information

Family Name: Adware.PullUpdate
Signature status: Self Signed

Known Samples

MD5: bd133e298ea641d43de7562623c4837b
SHA1: aabce0c41f4e95ecaa687616a745df12d8654d32
File Size: 3.19 MB, 3193536 bytes
MD5: 8975a4efee7cf9e87b46b481ad1cf288
SHA1: 81a8dd8e047ab0ca714ec62777790dda054a915a
File Size: 2.73 MB, 2730976 bytes
MD5: a7aee25be5ec24ccd1bc8d43890d8209
SHA1: ab45f417b0e46bf9acec775f28f218841ab4a04c
File Size: 1.10 MB, 1101056 bytes
MD5: 09ac029964c4c053c0a53fe74e77de70
SHA1: 7ab57c0a58d6af848e9ecda75aae8da82e75a748
SHA256: E94ECC8461923B59E668E87B4D22B279AA1BD8A28DFE6DDC46C76B7B9DA7D117
File Size: 1.46 MB, 1456944 bytes
MD5: 92fd87365cc2fec4dd0c06000870e1fc
SHA1: 180b14df09afb208eda6a6d4b78f0c8556185442
SHA256: 81D8411A6C220D7C86BB3F9804C2B565A81D80EF38FD07A5F1CD23AA5149E992
File Size: 4.44 MB, 4441720 bytes
MD5: db44a845b726d40efb60806f3516cb41
SHA1: ca02ee714cc56e00fd5de46300905c8397861f20
SHA256: A9AD4EC07A2C0BF75914343B24017F828FB114FAF6031BFCEA315848239F480A
File Size: 2.32 MB, 2315632 bytes
MD5: 15179a39788c69d2484796bc8df1af1e
SHA1: e0f5eeb4c4a885df14e1155cc652638a7a3ef5e0
SHA256: B429FBDE4EEE3E2EAF36EBA26E88EBA1A1EB81042B18B17B65C77268A5D53B88
File Size: 48.10 KB, 48104 bytes
MD5: 8df6511104908e4d40da890ec4375033
SHA1: 8b700075175549e9593448bb3654f5742b4dcbd1
SHA256: B8EAA5BC5E95F503C71F30F0DDB40804DC19B9203B8DC28DDC0CAB3F140FF39F
File Size: 1.46 MB, 1456912 bytes
MD5: 2ea335052e1b0843c8e9a219d2deb84e
SHA1: f7e96f50bd339288d68622e66338a4a9d6176bc4
SHA256: 4471A0590E6C6B9CABEA7B607EA1AF86CA5E694ABBD1CDF33186AEFAB168B447
File Size: 2.24 MB, 2241648 bytes
MD5: e5a0c775f76a36f56df4c96e3a30ea45
SHA1: e0a947fe5ede78d34e2482055371249125d97015
SHA256: 87D552AFF56A8FC03590E3BF10D61C8709B78A110186E7F08F0A728115981B96
File Size: 576.10 KB, 576104 bytes
MD5: 48b10fd429add254bd29c9420dfec2df
SHA1: 2a9e9d9787a4fcccea50dd503fcfc519eb6042cf
SHA256: 5176037CA531445AF53DBBC4F53642F23BACEC9A7204E94F3AF2E1D2E9AFFADC
File Size: 49.66 KB, 49656 bytes
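The sample digests above are the most reliable indicator on this page, since file names and publisher names rotate between samples. The following added example (not code from the report) hashes every file under a directory once with MD5, SHA-1 and SHA-256 in a single read pass and reports any digest that appears in the list; the SHA-256 values are lower-cased because the report prints them upper-case. KNOWN is copied from the Known Samples and File System Details sections above; the function names and the throw-away directory the demo builds are this example's own.

```python
"""Match files on disk against the Adware.PullUpdate sample hashes listed above.

Added example, not code from the original report. The digests in KNOWN are copied from
the report; everything else (function names, the temporary tree the demo builds) is
this example's own.
"""
import hashlib
import io
import os
import tempfile

KNOWN = {
    "md5": {
        "bd133e298ea641d43de7562623c4837b", "8975a4efee7cf9e87b46b481ad1cf288",
        "a7aee25be5ec24ccd1bc8d43890d8209", "09ac029964c4c053c0a53fe74e77de70",
        "92fd87365cc2fec4dd0c06000870e1fc", "db44a845b726d40efb60806f3516cb41",
        "15179a39788c69d2484796bc8df1af1e", "8df6511104908e4d40da890ec4375033",
        "2ea335052e1b0843c8e9a219d2deb84e", "e5a0c775f76a36f56df4c96e3a30ea45",
        "48b10fd429add254bd29c9420dfec2df", "7a95e710a72f1f9025036f172fe94ee6",
        "0a2a7998d6864957a8f782a51fd3a926",
    },
    "sha1": {
        "aabce0c41f4e95ecaa687616a745df12d8654d32", "81a8dd8e047ab0ca714ec62777790dda054a915a",
        "ab45f417b0e46bf9acec775f28f218841ab4a04c", "7ab57c0a58d6af848e9ecda75aae8da82e75a748",
        "180b14df09afb208eda6a6d4b78f0c8556185442", "ca02ee714cc56e00fd5de46300905c8397861f20",
        "e0f5eeb4c4a885df14e1155cc652638a7a3ef5e0", "8b700075175549e9593448bb3654f5742b4dcbd1",
        "f7e96f50bd339288d68622e66338a4a9d6176bc4", "e0a947fe5ede78d34e2482055371249125d97015",
        "2a9e9d9787a4fcccea50dd503fcfc519eb6042cf",
    },
    # The report prints SHA-256 upper-case; hexdigest() is lower-case, so normalise.
    "sha256": {s.lower() for s in (
        "E94ECC8461923B59E668E87B4D22B279AA1BD8A28DFE6DDC46C76B7B9DA7D117",
        "81D8411A6C220D7C86BB3F9804C2B565A81D80EF38FD07A5F1CD23AA5149E992",
        "A9AD4EC07A2C0BF75914343B24017F828FB114FAF6031BFCEA315848239F480A",
        "B429FBDE4EEE3E2EAF36EBA26E88EBA1A1EB81042B18B17B65C77268A5D53B88",
        "B8EAA5BC5E95F503C71F30F0DDB40804DC19B9203B8DC28DDC0CAB3F140FF39F",
        "4471A0590E6C6B9CABEA7B607EA1AF86CA5E694ABBD1CDF33186AEFAB168B447",
        "87D552AFF56A8FC03590E3BF10D61C8709B78A110186E7F08F0A728115981B96",
        "5176037CA531445AF53DBBC4F53642F23BACEC9A7204E94F3AF2E1D2E9AFFADC",
    )},
}


def hash_stream(fh, chunk=1 << 16) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file object in a single read pass."""
    hs = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for block in iter(lambda: fh.read(chunk), b""):
        for h in hs.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream(io.BytesIO(data))


def scan_tree(root, known=KNOWN):
    """Walk root and return (path, algorithm, digest) for every file whose digest is known.
    A sample listed with all three digests yields three rows; one the report lists only
    by MD5 (the Gambali.dll entries) still yields one."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digests = hash_stream(fh)
            except OSError:
                continue      # unreadable or locked file: skip it rather than abort the sweep
            for algo, digest in digests.items():
                if digest in known.get(algo, ()):
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Build a throw-away tree holding one constructed file, scan it against the report's
    hashes (no hit expected) and against an injected digest of that file (hit expected).
    Returns (hits_vs_report, [(algorithm, digest), ...] for the injected set)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "constructed.bin")
        with open(sample, "wb") as fh:
            fh.write(b"hello")                     # constructed content, not a real sample
        injected = {"md5": {hash_bytes(b"hello")["md5"]}, "sha1": set(), "sha256": set()}
        return scan_tree(tmp, KNOWN), [(a, d) for _p, a, d in scan_tree(tmp, injected)]


if __name__ == "__main__":
    print(demo())
```

Hashing all three algorithms in one pass matters on large volumes: the cost is dominated by disk reads, and the report lists some samples by MD5 only, so a SHA-256-only sweep would miss them.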

Windows Portable Executable Attributes

The attributes below are the union over all samples listed above, which is why mutually exclusive entries appear together (32-bit and 64-bit, .NET and native, with and without an exports table, DLL flag set and not set): the family ships both a 32-bit and a 64-bit BHO DLL (frameworkbho.dll and frameworkbho64.dll in the file list below) alongside installer and service executables. Read each line as "at least one sample has this property".

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Company Name
  • Gratifying Apps
  • Green Fire Software
  • Irrational Number Applications
  • Smart Applications
  • Time Lapse Solutions
  • Unique Solutions
File Description
  • DesktopSearch Service
  • FrameworkBHO
  • Health Alert Setup
  • MovieMaster Service
  • speed browser Installer
  • WebShield
  • ZombieNews
File Version
  • 1.1.0.0
  • 1.0.0.1
  • 1.0.0.0
Internal Name
  • DesktopSearchService.exe
  • FrameworkBHO
  • Installer.exe
  • MovieMasterService.exe
  • WebShield.exe
  • ZombieNews.exe
Legal Copyright
  • (c) Rational Thought Solutions
  • Copyright (C) 2014
  • Copyright © Green Fire Software 2014
  • Copyright © Irrational Number Applications 2015
  • Copyright © Smart Applications 2015
  • Copyright © Time Lapse Solutions 2015
  • Copyright © Unique Solutions 2015
Original Filename
  • DesktopSearchService.exe
  • Installer.exe
  • MovieMasterService.exe
  • WebShield.exe
  • ZombieNews.exe
Product Name
  • Browser Protect
  • Desktop Search
  • Framework
  • Health Alert
  • Movie Master
  • speed browser
  • Web Shield
  • Zombie News
Product Version
  • 2.7.51.1
  • 1.1.0.0
  • 1.0.0.1
  • 1.0.0.0

Digital Signatures

Signer                          Issuer / Root                              Status
Irrational Number Applications  Symantec Class 3 SHA256 Code Signing CA    Self Signed
Time Lapse Solutions            Symantec Class 3 SHA256 Code Signing CA    Self Signed
Unique Solutions                Symantec Class 3 SHA256 Code Signing CA    Self Signed
Western Web Applications, LLC   UTN-USERFirst-Object                       Root Not Trusted
Green Fire Software             VeriSign Class 3 Code Signing 2010 CA      Self Signed
Interesting Solutions           VeriSign Class 3 Code Signing 2010 CA      Self Signed
Mathematical Applications       VeriSign Class 3 Code Signing 2010 CA      Self Signed
Rational Thought Solutions      VeriSign Class 3 Code Signing 2010 CA      Self Signed
Smart Applications              VeriSign Class 3 Code Signing 2010 CA      Self Signed
Gratifying Apps                 thawte Primary Root CA                     Root Not Trusted

The Status column is the analysis sandbox's verdict, not a description of the certificate: a certificate issued by a Symantec or VeriSign CA is by definition not self-signed, so read "Self Signed" and "Root Not Trusted" as "the chain did not validate to a trusted root on the analysis host" (revoked, expired or untrusted issuer) without relying on the column to tell those cases apart. The practical point is unchanged: the samples carried Authenticode signatures under a rotating set of publisher names, and a signature that once validated is not evidence that the software is benign.

Block Information

Total Blocks: 18
Potentially Malicious Blocks: 0
Whitelisted Blocks: 7
Unknown Blocks: 11

Visual Map

0 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • SmartApps.B

Files Modified

Paths are from the sandbox run (user profile "user"). The two Browser Protect trees under Program Files (x86) and LocalAppData are the extension framework being unpacked for Internet Explorer (frameworkbho.dll, frameworkbho64.dll), Chrome and Firefox (chrome_installer.js, firefox_installer.js, ie_installer.js); the ns*.tmp directories under Temp are NSIS installer plug-in scratch space; the CryptnetUrlCache entries at the end are written by Windows CryptoAPI while it fetches certificate and revocation data during Authenticode validation and are not adware artifacts.

File                                                                         Access requested
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\appapi_bg.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\appapi_browseraction.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\appapi_common.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\appapi_content.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\appapi_settings.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\appapi_webrequest.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\appframework\jquery.min.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\background.html Generic Write,Read Attributes
c:\program files (x86)\browser protect\canvasframework\canvas_bg.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\canvasframework\canvasscript_engine.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\canvasframework\md5.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\canvasframework\registry.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\canvasframework\webrequest.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\config.xml Generic Write,Read Attributes
c:\program files (x86)\browser protect\extension_info.json Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\browser_button.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\context_menu.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\context_menu_item_handler.html Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\framework_api.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\notification.html Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\notifications.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\options.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\bottom-left.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\bottom-middle.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\bottom-right.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\middle-left.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\middle-right.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\tail-bottom.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\tail-left.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\tail-right.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\tail-top.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\top-left.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\top-middle.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\theme\bubble\top-right.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework-ui\ui_base.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\backgroundscript_engine.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\base.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\browser.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\console.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\framework.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\global.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\i18n.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\initialize.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\invoke_async.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\io.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\json2.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\lang.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\legacy.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\message_target.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\messaging.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\storage.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\timer.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\updater.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\userscript_client.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\userscript_engine.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\utils.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\framework\xhr.js Generic Write,Read Attributes
c:\program files (x86)\browser protect\frameworkbho.dll Generic Write,Read Attributes
c:\program files (x86)\browser protect\frameworkbho64.dll Generic Write,Read Attributes
c:\program files (x86)\browser protect\frameworkengine.exe Generic Write,Read Attributes
c:\program files (x86)\browser protect\icons\button.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\icons\icon100.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\icons\icon128.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\icons\icon32.png Generic Write,Read Attributes
c:\program files (x86)\browser protect\icons\icon48.png Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\chrome_gp_update.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\chrome_installer.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\common.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\appapi_bg.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\appapi_browseraction.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\appapi_common.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\appapi_content.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\appapi_settings.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\appapi_webrequest.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\appframework\jquery.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\background.html Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\bootstrap.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\canvasframework\canvas_bg.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\canvasframework\canvasscript_engine.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\canvasframework\md5.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\canvasframework\registry.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\canvasframework\webrequest.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\chrome.manifest Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\extension_info.json Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\browser_button.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\content_notifications.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\contentnotification.tmpl Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\contentnotificationstyle.tmpl Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\context_menu.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\framework_api.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\notifications.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\options.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework-ui\ui_base.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\backgroundscript_engine.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\base.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\browser.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\chrome_windows.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\console.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\content_proxy.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\framework.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\i18n.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\invoke_async.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\io.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\lang.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\legacy.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\message_target.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\messaging.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\storage.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\timer.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\uninstall.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\userscript_client.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\userscript_engine.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\utils.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\framework\xhr.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\icons\button.png Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\icons\icon100.png Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\icons\icon128.png Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\icons\icon32.png Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\icons\icon48.png Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox\install.rdf Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\firefox_installer.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\gpedit.exe Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\icon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\ie_installer.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\info.xml Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\installer.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\main_installer.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\migrate.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\projectinstaller.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\repair.js Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\softwaredetector.exe Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\sqlite3.exe Generic Write,Read Attributes
c:\users\user\appdata\local\browser protect\sqlite3.exe Synchronize,Write Attributes
c:\users\user\appdata\local\browser protect\storageedit.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp\md5dll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp\nsprocess.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp\nsprocess2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp\ping.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk8776.tmp\helper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk8776.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk8776.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk8776.tmp\versionex.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstcab.tmp\helper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstcab.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstcab.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\40c68d5626484a90937f0752c8b950ab Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\62b5af9be9adc1085c3c56ec07a82bf6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7b8944ba8ad0efdf0e01a43ef62becd0_f7d52a22921e5e9fc19716bfe582bb63 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8dfdf057024880d7a081afbf6d26b92f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\ea618097e393409afa316f0f87e2c202_4517bb8bcbb4e8835735d26085bece1a Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\ea618097e393409afa316f0f87e2c202_bdf48f0781499b1ef904fb1723a5e277 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\ecf3006d44da211141391220ee5049f4 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\40c68d5626484a90937f0752c8b950ab Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\62b5af9be9adc1085c3c56ec07a82bf6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7b8944ba8ad0efdf0e01a43ef62becd0_f7d52a22921e5e9fc19716bfe582bb63 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8dfdf057024880d7a081afbf6d26b92f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\ea618097e393409afa316f0f87e2c202_4517bb8bcbb4e8835735d26085bece1a Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\ea618097e393409afa316f0f87e2c202_bdf48f0781499b1ef904fb1723a5e277 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\ecf3006d44da211141391220ee5049f4 Generic Read,Write Data,Write Attributes,Write extended,Append data
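The install footprint above can be checked offline against a mounted image or an exported file tree. The following added example (not code from the report) walks a directory standing in for C:\, reports the two Browser Protect install directories, the dropped binaries (including the gpedit.exe written under the user's LocalAppData, which shares its name with the Windows Group Policy editor), and NSIS ns*.tmp scratch directories, but only those that also contain the installer's ping.js, because an NSIS plug-in directory on its own is ordinary installer behaviour. Directory and file names are taken from the list above; the pattern names, function names and the constructed tree the demo builds are this example's own.

```python
"""Look for the on-disk install footprint of Adware.PullUpdate / "Browser Protect".

Added example, not code from the original report. Paths and file names come from the
Files Modified list above; the tree the demo builds is constructed, and `root` is any
directory standing in for C:\\ (for instance a mounted image).
"""
import fnmatch
import os
import re
import tempfile

# Directory prefixes relative to the volume root, lower-case, forward slashes.
INSTALL_DIRS = [
    "program files (x86)/browser protect",
    "users/*/appdata/local/browser protect",
]
# Binaries the installer drops. gpedit.exe shares its name with the Windows Group
# Policy editor but is written under the user's LocalAppData here.
DROPPED_BINARIES = {
    "frameworkbho.dll", "frameworkbho64.dll", "frameworkengine.exe",
    "gpedit.exe", "softwaredetector.exe", "sqlite3.exe", "storageedit.exe",
}
# NSIS unpacks plug-ins into %TEMP%\ns<random>.tmp (the report shows nscA796.tmp,
# nsk8776.tmp and nstcab.tmp). The directory alone is normal NSIS behaviour; ping.js
# beside the plug-ins is what ties it to this installer.
NSIS_TMP_RE = re.compile(r"^ns[a-z0-9]{1,8}\.tmp$")
NSIS_PLUGINS = {"nsexec.dll", "nsprocess.dll", "nsprocess2.dll", "md5dll.dll"}


def _rel(root, path):
    return os.path.relpath(path, root).replace(os.sep, "/").lower()


def check_footprint(root):
    """Return {'install_dirs', 'dropped_binaries', 'nsis_temp_dirs'} -> sorted lists of
    paths relative to root. nsis_temp_dirs lists only ns*.tmp directories that hold
    ping.js plus at least one of the NSIS plug-in DLLs seen in the report."""
    found = {"install_dirs": [], "dropped_binaries": [], "nsis_temp_dirs": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = _rel(root, dirpath)
        names = {n.lower() for n in filenames}
        if any(fnmatch.fnmatchcase(rel, pat) for pat in INSTALL_DIRS):
            found["install_dirs"].append(rel)
        for n in names & DROPPED_BINARIES:
            found["dropped_binaries"].append(f"{rel}/{n}")
        base = rel.rsplit("/", 1)[-1]
        if NSIS_TMP_RE.match(base) and "ping.js" in names and names & NSIS_PLUGINS:
            found["nsis_temp_dirs"].append(rel)
    for lst in found.values():
        lst.sort()
    return found


def demo():
    """Construct a miniature volume tree and run the check over it. File contents are
    placeholders; only names and locations matter for this check."""
    layout = [
        "program files (x86)/browser protect/frameworkbho.dll",
        "program files (x86)/browser protect/extension_info.json",
        "users/alice/appdata/local/browser protect/gpedit.exe",
        "users/alice/appdata/local/temp/nsk8776.tmp/nsexec.dll",
        "users/alice/appdata/local/temp/nsk8776.tmp/ping.js",
        "users/alice/appdata/local/temp/nsxyz.tmp/system.dll",   # plain NSIS scratch dir
        "users/alice/documents/notes.txt",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in layout:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"placeholder")
        return check_footprint(root)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(key, paths)
```

On a live Windows host the same function runs with root set to the volume root; paths are lower-cased before comparison so the check behaves the same on a case-sensitive mount of an image.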

Registry Modifications

Key::Value    Data    API Name
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob    <binary certificate blob>    RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob    (no data captured)    RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\root\certificates\be36a4562fb2ee05dbb3d32323adf445084ed656::blob    <binary certificate blob; the readable string "Thawte Timestamping CA" survives in it>    RegNtPreCreateKey
HKLM\software\wow6432node\browser protect::systemid    (no data captured)    RegNtPreCreateKey
HKLM\software\wow6432node\advertisingsupport::systemid    (no data captured)    RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe    <binary timestamp>    RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe    <binary timestamp>    RegNtPreCreateKey

The Data column originally held raw binary rendered as text; it is replaced with placeholders here. The two SystemCertificates writes are Windows CryptoAPI caching a root (AuthRoot auto-update) and the Thawte timestamping root while it validates the sample's Authenticode signature and timestamp, and the two BAM entries are the Background Activity Moderator recording a conhost.exe execution time for the sandbox user's SID; all four are operating-system behaviour triggered by running the sample. The entries attributable to the adware itself are the SystemId values under Wow6432Node\browser protect and Wow6432Node\advertisingsupport, a 32-bit installer writing its per-install identifiers into HKLM on a 64-bit host.

Windows API Usage

Category / API
Network (WinHTTP)
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReadData
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Shell Execute
  • CreateProcess
User Data Access
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetSecurityObject
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId

56 additional items are not displayed above.

Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Process Manipulation Evasion (sandbox heuristic; NtUnmapViewOfSection is also the ordinary way to release a mapped section, so on its own it is not evidence of process hollowing)
  • NtUnmapViewOfSection
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
cscript.exe //Nologo "ping.js" "http://www.installping5.info/installer-run//f799d1014f7e8674a082c89959a84455/xriderexe/695329/?pid=38992&sub_id=default&uzid=695329&subid=&pid=2020" "C:\Users\Ifvjshzl\AppData\Local\Temp\nscA796.tmp\pz_info" ""

The first command is Windows' Features on Demand installer (fondue.exe) being launched by the .NET shim mscoreei.dll to enable the .NET Framework 3.5 feature (NetFx3): it shows that a sample targets a .NET 2.0/3.5 runtime the sandbox did not have installed, not a capability of the adware. The second is the installer's install-tracking beacon: ping.js from the NSIS plug-in directory is run under cscript.exe with a URL carrying campaign parameters (pid, sub_id, uzid, a repeated pid, and a 32-hex-character identifier in the path) and the path of a pz_info file from the same scratch directory. www.installping5.info does not appear in the URL list above and belongs in any blocklist built from this report.
