Trojan.Downloader.Adload

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,002
Threat Level: 90 % (High)
Infected Computers: 30,907
First Seen: July 24, 2009
Last Seen: December 21, 2025
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Panda Generic Trojan
Fortinet W32/Adload.AFMR!tr.dldr
Microsoft Trojan:Win32/Trafog!rts
eTrust-Vet Win32/Agent.BBG!genus
Sophos Mal/Generic-L
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.J!87
AntiVir TR/Spy.31176.1
BitDefender Gen:Trojan.Heur.JP.bmHfaWcLXnib
ClamAV Trojan.Downloader.Adload-186
McAfee Generic Downloader.x!fyr
AVG Downloader.Generic11.ZUN
Fortinet W32/Adload.AFMQ!tr.dldr
Ikarus Trojan-Downloader.Agent2
AhnLab-V3 Downloader/Win32.Agent
Antiy-AVL Trojan/win32.agent.gen

File System Details

Trojan.Downloader.Adload may create the following file(s):
# File Name MD5 Detections
1. razzle.exe ba8327b25d1d948541628d9c6501101c 751
2. update.exe 65daf74a022ae91026a10b38ca543274 58
3. defender20.exe d7db78f425101a0be3fba3a59aa845b0 0
4. qmuoe.dll d68992a3731fd09b608f29e3e2a02321 0

Registry Details

Trojan.Downloader.Adload may create the following registry entry or registry entries:
Software\Irecord
Software\Picture\wyfdgguu

Analysis Report

General information

Family Name: Trojan.Downloader.Adload
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • Probit Software LTD
  • PSafe S/A
  • Smilebox, Inc.
File Description
  • Easy Driver Pro
  • Instalador do PSafe
  • Instalador do PSafe (Canal:2)
  • Kiwi X Executor.exe Setup
  • Smilebox Installer
File Version
  • 8.2.0.7
  • 6.5.0.0
  • 3.2.1210.1401
  • 3.1.1209.17401
  • 1.0.0.32697
  • 1.0.0.31210
  • 1.0.0.29190
Legal Copyright
  • (c) 2011 Smilebox, Inc. All Rights Reserved
  • Kiwi X Executor.exe
  • Probit Software LTD
  • © PSafe S/A
Product Name
  • Easy Driver Pro
  • Kiwi X Executor.exe
  • PSafe
  • Smilebox
Product Version
  • 8.2.0
  • 6.5.0.0
  • 3.2.1210.1401
  • 3.1.1209.17401

Digital Signatures

Signer Root Status
PSafe Tecnologia S.A. DigiCert Assured ID Code Signing CA-1 Self Signed
Smilebox, Inc. Symantec Class 3 SHA256 Code Signing CA Self Signed

File Traits

  • 2+ executable sections
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • VirtualQueryEx
  • x86

Block Information

Similar Families

  • Agent.M
  • Agent.MH
  • Agent.MI
  • Agent.MU
  • Autorun.LA
  • FakeAV.AU

Files Modified

File Attributes
c:\users\user\appdata\local\temp\binsischeck654.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-113p5.tmp\79b5446e6d458efd8d1715cbfccc81dcff337dc3_0001726357.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-8t6j8.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-8t6j8.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-sq7lc.tmp\f706d3e5c8d7ce1d8828e4effb0f0b39874f70d3_0001726944.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-uupi9.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-uupi9.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa4cca.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsa6200.tmp\installsplash.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsa6200.tmp\installsplash.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\installsplash.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsa6200.tmp\installsplash.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd6d81.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse48fc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf4b6d.tmp\banner.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b6d.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b6d.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b6d.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf4b6d.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b6d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b6d.tmp\xml.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi6da1.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi6da1.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi6da1.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsi6da1.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi6da1.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl3f07.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl3f07.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl3f07.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl3f07.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm514e.tmp\installsplash.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsm514e.tmp\installsplash.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm514e.tmp\installsplash.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsm514e.tmp\installsplash.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm514e.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp4cda.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp4cda.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp4cda.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp4cda.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp4cda.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp4cda.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsre950.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsre950.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsre950.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsre950.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsre950.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\banner.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3de1.tmp\xml.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb25d.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvb26d.tmp\banner.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\config.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\logo.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\payloadreader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\smsplus.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvb26d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswe920.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsz3271.tmp\installsplash.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsz3271.tmp\installsplash.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz3271.tmp\installsplash.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsz3271.tmp\installsplash.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz3271.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz49c8.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8b2b9a00839eed1dfdccc3bfc2f5df12 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b46811c17859ffb409cf0e904a4aa8f8 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8b2b9a00839eed1dfdccc3bfc2f5df12 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b46811c17859ffb409cf0e904a4aa8f8 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
Process Shell Execute
  • CreateProcess

Shell Command Execution

"C:\Users\Xzlsaarx\AppData\Local\Temp\is-SQ7LC.tmp\f706d3e5c8d7ce1d8828e4effb0f0b39874f70d3_0001726944.tmp" /SL5="$20138,865850,776192,c:\users\user\downloads\f706d3e5c8d7ce1d8828e4effb0f0b39874f70d3_0001726944"
"C:\Users\Tctjzqsg\AppData\Local\Temp\is-113P5.tmp\79b5446e6d458efd8d1715cbfccc81dcff337dc3_0001726357.tmp" /SL5="$701FA,865850,776192,c:\users\user\downloads\79b5446e6d458efd8d1715cbfccc81dcff337dc3_0001726357"
