Hao123 by Baidu

By CagedTech in Browser Hijackers

Threat Scorecard

Popularity Rank:	722
Threat Level:	10 % (Normal)
Infected Computers:	261,538

First Seen:	April 9, 2013
Last Seen:	February 4, 2026
OS(es) Affected:	Windows

Hao123 by Baidu is an advertisement and add-on that may load with the popular Baidu Chinese search engine service. Through Hao123 by Baidu computer users may be presented with unwanted advertisements or website redirects. In some cases the Hao123 by Baidu page may load as the default home page setting within popular web browsers. There are different variations of Hao123 by Baidu in English and other languages. Even though Hao123 by Baidu is not a computer virus it can be more of an unwanted plugin or add-on for your web browser causing your home page to load a site that you do not want to utilize. There are files associated with Hao123 by Baidu that may be loaded onto your computer through the download and install of bundled software. Removal of those files will then rid your system of Hao123 by Baidu, which can be done through using an antispyware tool.

File System Details

Hao123 by Baidu may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	hao123inst-brazil.exe	1fe05fae1c86c3380c8170b96926129e	104
Name: hao123inst-brazil.exe MD5: 1fe05fae1c86c3380c8170b96926129e Size: 505.02 KB (505024 bytes) Detections: 104 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\OneDrive\Área de Trabalho\Backup - CCE\Windows7\Users\<username>\AppData\Local\Temp\is863293414\022E424D_stp\hao123inst-brazil.exe Group: Malware file Last Updated: September 29, 2025
2.	hao123inst.exe	ffd46e8471313a30b9f5c6bedec6afb2	11
Name: hao123inst.exe MD5: ffd46e8471313a30b9f5c6bedec6afb2 Size: 353.92 KB (353928 bytes) Detections: 11 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: March 23, 2016
3.	Hao123SysPop.exe	5e428c42fd57f72aa5fc23d7c5eda775	4
Name: Hao123SysPop.exe MD5: 5e428c42fd57f72aa5fc23d7c5eda775 Size: 207.68 KB (207688 bytes) Detections: 4 Type: Executable File Path: %ALLUSERSPROFILE%\baidu\update\download\ALL_hao123_sys_2014_11_24 Group: Malware file Last Updated: March 23, 2016
4.	Hao123_demo021214.exe	b08764dc151ac29ea9dae02c86a6387a	4
Name: Hao123_demo021214.exe MD5: b08764dc151ac29ea9dae02c86a6387a Size: 333.55 KB (333554 bytes) Detections: 4 Type: Executable File Path: %SystemDrive% Group: Malware file Last Updated: March 23, 2016
5.	hao123_setup.exe	138c344aac2f13497af504d81517ccec	2
Name: hao123_setup.exe MD5: 138c344aac2f13497af504d81517ccec Size: 1.04 MB (1045448 bytes) Detections: 2 Type: Executable File Path: %USERPROFILE%\Desktop Group: Malware file Last Updated: March 23, 2016
6.	hao123.1.0.0.1101.exe	93366ca5b233420c9005d7a2614764db	2
Name: hao123.1.0.0.1101.exe MD5: 93366ca5b233420c9005d7a2614764db Size: 627.33 KB (627336 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\baidu\hao123-ar Group: Malware file Last Updated: March 23, 2016
7.	hao123browserdownloader_tn-45045059_14.exe	9eb7e3bc3c063395bef68b447bf4b9f2	2
Name: hao123browserdownloader_tn-45045059_14.exe MD5: 9eb7e3bc3c063395bef68b447bf4b9f2 Size: 1.09 MB (1090136 bytes) Detections: 2 Type: Executable File Path: D:\madison_documents Group: Malware file Last Updated: March 23, 2016
8.	hao123.1.0.0.1108.exe	17d28637b6af825f3b1e10387cef1825	2
Name: hao123.1.0.0.1108.exe MD5: 17d28637b6af825f3b1e10387cef1825 Size: 608.68 KB (608680 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\baidu\hao123-ar Group: Malware file Last Updated: March 23, 2016

More files

Registry Details

Hao123 by Baidu may create the following registry entry or registry entries:

CLSID

{66C90826-4384-4020-AA28-D3A4FA5FD31F}

{F552F265-6686-4422-84E5-C695E35D863A}

File name without path

ar.hao123[1].xml

br.hao123[1].xml

Cliponyu.lnk

Hao123.lnk

hao123[1].htm

http_ar.hao123.com_0.localstorage

http_ar.hao123.com_0.localstorage-journal

http_br.hao123.com_0.localstorage

http_br.hao123.com_0.localstorage-journal

http_id.hao123.com_0.localstorage

http_id.hao123.com_0.localstorage-journal

http_jp.hao123.com_0.localstorage

http_jp.hao123.com_0.localstorage-journal

http_tw.hao123.com_0.localstorage

http_tw.hao123.com_0.localstorage-journal

http_www.7654.com_0.localstorage

http_www.9973.com_0.localstorage

http_www.9973.com_0.localstorage-journal

http_www.hao123.com_0.localstorage

http_www.hao123.com_0.localstorage-journal

https_ar.hao123.com_0.localstorage

https_ar.hao123.com_0.localstorage-journal

https_www.hao123.com_0.localstorage

https_www.hao123.com_0.localstorage-journal

Internet Hao123.lnk

Internet Hao 123 .lnk

jp.hao123[1].xml

nphao123DPS.dll

nphao123DPS_x64.dll

npJuziPlugin.dll

npJuziPlugin_x64.dll

soft.123juzi[1].xml

soft.hao123[1].xml

th.hao123[1].xml

tw.hao123[1].xml

www.hao123.com.ico

www.hao123[1].xml

Regexp file mask

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\hao123[RANDOM CHARACTERS].lnk

%ALLUSERSPROFILE%\Start Menu\hao123[RANDOM CHARACTERS].lnk

%APPDATA%\Microsoft\Windows\Start Menu\hao123[RANDOM CHARACTERS].lnk

%TEMP%\Hao123.ini

%Temp%\hao123Config.xml

%TEMP%\hao123inst[RANDOM CHARACTERS].exe

%temp%\Toylocalize.ini

%UserProfile%\Desktop\hao123[RANDOM CHARACTERS].lnk

%WINDIR%\System32\drivers\LcScience64.sys

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Baidu\BaiduProtect\LockIEStartPage

SOFTWARE\Baidu\Hao123

Software\Baidu\Hao123-ae

Software\Baidu\Hao123-ar

SOFTWARE\Baidu\Hao123-armeitu

Software\Baidu\Hao123-br

SOFTWARE\Baidu\Hao123-brgames

Software\Baidu\Hao123-brmovie

Software\Baidu\Hao123-id

Software\Baidu\Hao123-international

Software\Baidu\Hao123-jp

Software\Baidu\Hao123-sa

Software\Baidu\Hao123-th

Software\Baidu\Hao123-tw

SOFTWARE\Baidu\Hao123-vn

SOFTWARE\Classes\hao123chprogid

Software\Classes\hao123DPS.Agent

Software\Classes\JuziAgent.Agent

SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ar.hao123.com

SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\br.hao123.com

SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com

SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ar.hao123.com

SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\br.hao123.com

SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com

SOFTWARE\Clients\StartMenuInternet\hao123Juzi.exe

SOFTWARE\Clients\StartMenuInternet\hao123JuziBrowser.exe

SOFTWARE\Hao123

Software\hao123JuziBrowser

Software\hao123link

Software\HDwnld

SOFTWARE\JuziPlugin

Software\Microsoft\Internet Explorer\DOMStorage\123juzi.com

SOFTWARE\Microsoft\Internet Explorer\DOMStorage\7654.com

Software\Microsoft\Internet Explorer\DOMStorage\br.hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\cn.hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\jp.hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\sa.hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\soft.123juzi.com

Software\Microsoft\Internet Explorer\DOMStorage\th.hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\v.hao123.com

Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66C90826-4384-4020-AA28-D3A4FA5FD31F}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F552F265-6686-4422-84E5-C695E35D863A}

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ar.hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\br.hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cn.hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\jp.hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com

Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\th.hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tw.hao123.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.hao123.com

Software\Microsoft\Windows\CurrentVersion\App Paths\hao123JuziBrowser.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Jzbstall.exe

Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\hao123chprogid_.HTM

Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\hao123chprogid_.HTML

Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\hao123chprogid_.MHTML

SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\hao123chprogid_http

SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\hao123chprogid_https

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids\hao123chprogid

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids\hao123chprogid

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids\hao123chprogid

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithProgids\hao123chprogid

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F552F265-6686-4422-84E5-C695E35D863A}

SOFTWARE\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\hao123chprogid_.htm

SOFTWARE\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\hao123chprogid_.html

SOFTWARE\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\hao123chprogid_http

Software\Microsoft\Windows\CurrentVersion\RunOnce\hao123Setting

SOFTWARE\Microsoft\Windows\Windows Error Reporting\ExcludedApplications\hao123Juzi.exe

Software\MozillaPlugins\@123juzi.com/nphao123DPS

Software\MozillaPlugins\@123juzi.com/npJuziAgent

SOFTWARE\RegisteredApplications\hao123JuziBrowser

Software\tsKdx

SOFTWARE\Wow6432Node\Baidu\BaiduProtect\LockIEStartPage

SOFTWARE\WOW6432Node\Clients\StartMenuInternet\hao123Juzi.exe

SOFTWARE\Wow6432Node\Clients\StartMenuInternet\hao123JuziBrowser.exe

SOFTWARE\Wow6432Node\hao123JuziBrowser

SOFTWARE\Wow6432Node\Microsoft\Tracing\hao123_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\hao123_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Jzbstall.exe

Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hao123Setting

SOFTWARE\Wow6432Node\RegisteredApplications\hao123JuziBrowser

SYSTEM\ControlSet001\Services\HSoftDoloEx

SYSTEM\ControlSet001\services\LcScience

SYSTEM\ControlSet001\services\WaNdFilter

SYSTEM\ControlSet002\Services\HSoftDoloEx

SYSTEM\ControlSet002\services\LcScience

SYSTEM\ControlSet002\services\WaNdFilter

SYSTEM\CurrentControlSet\Services\HSoftDoloEx

SYSTEM\CurrentControlSet\services\LcScience

SYSTEM\CurrentControlSet\services\WaNdFilter

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

hao123desk

hao123desk-ae

hao123desk-ar

hao123desk-br

hao123desk-brgames

hao123desk-id

hao123desk-international

hao123desk-jp

hao123desk-sa

hao123desk-th

hao123desk-vn

{C5E2255C-66FA-4187-8EB6-5176247C4723}

Directories

Hao123 by Baidu may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\Hao123

%ALLUSERSPROFILE%\Hao123

%APPDATA%\HSoftDoloEx

%APPDATA%\Hao123

%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#br.hao123.com

%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.hao123img.com

%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sa.hao123.com

%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hao123.com

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Cliponyu-Indonesia

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Hao123-Egypt

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Hao123-Saudi

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Hao123-Thailand

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Hao123-br

%APPDATA%\baidu\Cliponyu

%APPDATA%\baidu\hao123

%APPDATA%\baidu\hao123-br

%APPDATA%\baidu\hao123-brgames

%APPDATA%\baidu\hao123-sa

%AppData%\baidu\hao123-ar

%AppData%\baidu\hao123-jp

%AppData%\baidu\hao123-th

%LOCALAPPDATA%\Hao123

%ProgramFiles%\baidu\Hao123Desk

%ProgramFiles(x86)%\baidu\Hao123Desk

%ProgramFiles(x86)%\tbkset

%TEMP%\hao123desksetup

%TEMP%\hao123deskskinres

%USERPROFILE%\AppData\LocalLow\JuziPlugin

%USERPROFILE%\AppData\LocalLow\Microsoft\Windows\Start Menu\Programs\Hao123-br

%USERPROFILE%\AppData\LocalLow\hao123DPS

%USERPROFILE%\Application Data\JuziPlugin

%UserProfile%\Local Settings\Application Data\Hao123

%appdata%\hao123JuziBrowser

URLs

Hao123 by Baidu may call the following URLs:

hao.169x.cn/

hao.qquu8.com/

hao643.com/

http://br.hao123.com/

http://hao.7654.com/

http://hao.qq.com/

http://id.hao123.com/

http://jp.hao123.com/

http://th.hao123.com/

http://tw.hao123.com/

http://us.hao123.com/

http://vn.hao123.com/

https://1111.tmall.com/

https://ar.hao123.com/hao123

Analysis Report

General information

Family Name:	PUP.Hao123 by Baidu
Signature status:	No Signature

Known Samples

MD5: b2ca9cca60d2003648b52c8647f818d3

SHA1: 1cb43e1bd9eca2a9ad231adea01129198f0e8e14

SHA256: 1DEF3C259C7D27EFD675E83291123D9AE6E551D3A0D75B1DCE3691525B578181

File Size: 4.50 MB, 4497424 bytes

MD5: 58eab86e10f213b084ca14c2a100957b

SHA1: 0bf6eb30f1f7feb88c5032968e5a272124830712

SHA256: CB5E1940327BA322A6FD101CAF33AA6E6736F1C025F1829339B50233994FB5DA

File Size: 258.70 KB, 258696 bytes

MD5: ae2335a95a9049fcb5126b42e3d72a81

SHA1: 360fda3be51bb4537d7c094aaba70693d955af90

SHA256: 7D2276E820DD1987372098D5BB9B65E53A11D27A9BDCD518371DE8163EBCF1CD

File Size: 258.05 KB, 258048 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Avant Force
File Description	Avant Browser 2013 build 113
File Version	12.5.0.0
Legal Copyright	Copyright 1999-2013 Avant Force
Legal Trademarks	Avant Browser is a trademark of Avant Force
Product Name	Avant Browser

Digital Signatures

Signer	Root	Status
Baidu (China) Co., Ltd.	GlobalSign CodeSigning CA - G2	Root Not Trusted
Avant Force	VeriSign Class 3 Code Signing 2010 CA	Self Signed

File Traits

No Version Info
x86

Block Information

Total Blocks:	834
Potentially Malicious Blocks:	45
Whitelisted Blocks:	743
Unknown Blocks:	46

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x 0 x x x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x 0 x 0 0 x x ? ? 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 x ? ? 0 0 0 0 0 x 0 x ? 0 ? x 0 0 ? ? ? ? 0 0 ? 0 ? ? ? 0 ? ? ? ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 0 0 x 0 0 ? x 0 0 0 x 0 0 0 0 ? 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 1 0 0 1 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\avant.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\avant.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nse48af.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse48af.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse48af.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse48af.tmp\welcome.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4582.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

Registry Modifications

Key::Value	Data	API Name
HKLM\software\classes\.key::		RegNtPreCreateKey
HKLM\software\classes\.key::	regfile	RegNtPreCreateKey
HKCU\software\avant browser::setuplangid	3	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::hao123setting	c:\users\user\downloads\360fda3be51bb4537d7c094aaba70693d955af90_0000258048	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main::start page	http://www.hao123.com/index.html	RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess

Shell Command Execution


							C:\Users\Yhlnkuyb\AppData\Local\Temp\avant.exe -setinstlang

Hao123 by Baidu

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Hao123 by Baidu

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed