
Win32/DomaIQ

By JubileeX in Adware

Threat Scorecard

Popularity Rank: 7,200
Threat Level: 20 % (Normal)
Infected Computers: 17,826
First Seen: June 24, 2013
Last Seen: January 22, 2026
OS(es) Affected: Windows

Win32/DomaIQ is a dangerous adware infection that may slip onto your system without your knowledge. Once loaded, the Win32/DomaIQ threat may display random and unwanted advertisements. In some cases the Win32/DomaIQ threat arrives bundled with Flash Player and .NET Framework downloads from questionable sources on the internet. Win32/DomaIQ may also load several executable files, causing your system to operate abnormally and potentially changing internet settings within your web browser applications.


File System Details

Win32/DomaIQ may create the following file(s):
# | File Name | MD5 | Detections
1 | Uninstall.exe | 1947b2941f4821597aac4530f8189bcf | 3,334
2 | DomaIQUninstall.exe | ca0eaeafad9c303a8b20fa67fc0e46cb | 2,300
3 | DomaIQ10.exe | 0831f76c23c8e8addddca3584242a0ea | 286

Analysis Report

General information

Family Name: Adware.DomaIQ
Signature status: Root Not Trusted

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Company Name W3i, LLC
File Description
  • Freeze.com Installation Utility
  • uninstaller
File Version
  • 1.0.0.0
  • 1, 53, 0, 0
Internal Name
  • FreezeWrapWin.exe
  • uninstaller.exe
Legal Copyright
  • Copyright ©2007 W3i Holdings, LLC. All rights reserved.
  • Copyright © 2012
Original Filename
  • FreezeWrapWin.exe
  • uninstaller.exe
Product Name
  • Freeze.com Installation Utility
  • uninstaller
Product Version
  • 1.0.0.0
  • 1, 53, 0, 0

Digital Signatures

Signer | Root | Status
Payments Interactive SL | AddTrust External CA Root | Root Not Trusted
Awimba LLC | DigiCert Assured ID Code Signing CA-1 | Self Signed
Payments Interactive SL | Go Daddy Class 2 Certification Authority | Root Not Trusted
TUGUU SL | Go Daddy Class 2 Certification Authority | Root Not Trusted
tuguu sl | Go Daddy Class 2 Certification Authority | Root Not Trusted
W3i, LLC | VeriSign Class 3 Code Signing 2004 CA | Self Signed
Lunacom Interactive Ltd | VeriSign Class 3 Code Signing 2010 CA | Self Signed

File Traits

  • .NET
  • dll
  • RijndaelManaged
  • x86

Block Information

Total Blocks: 188
Potentially Malicious Blocks: 4
Whitelisted Blocks: 184
Unknown Blocks: 0

Files Modified

File Attributes
c:\users\user\appdata\local\temp\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264\668309f2a9ae45f7979830c5a454cce2\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264\668309f2a9ae45f7979830c5a454cce2\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264\668309f2a9ae45f7979830c5a454cce2\installer.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\5f27fc382b62f506f188e7eda82af75d47e61531_0000792040\b53a3b2a9cb34710897d466f5d60f66a\5f27fc382b62f506f188e7eda82af75d47e61531_0000792040.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5f27fc382b62f506f188e7eda82af75d47e61531_0000792040\b53a3b2a9cb34710897d466f5d60f66a\e5f27fc382b62f506f188e7eda82af75d47e61531_0000792040 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5f27fc382b62f506f188e7eda82af75d47e61531_0000792040\b53a3b2a9cb34710897d466f5d60f66a\installer.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\bhs20f6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\dfs930.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dfsbc6f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\edd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\edd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\installer.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\launch.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\launch.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\launch.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dm\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\launch.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsabb1b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsm554.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\pkg_63703150\7zip_tn.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\autorun.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\backbox.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\d1.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\db.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\detection.0002.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\dialogs.0002.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\dp.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\event.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pkg_63703150\ico_check.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\offers.0002.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\offers.7zip.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\process.maindistribution.truste.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\resource.0000.pkg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\resource.1002.pkg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\resource.1102.pkg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\resource.1202.pkg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\resource.1302.pkg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\resource.1400.pkg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\sevenzip_banner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\top_bar.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\welcome_7zip.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\welcome_bottom_disc.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pkg_63703150\wrapper.maindistribution.truste.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sad43bc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetSecurityObject
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtSuspendThread
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange

9 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • getaddrinfo
  • inet_addr
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams

Shell Command Execution

C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
"c:\users\user\downloads\58414b8618ff0b40077c033877e31ddda5a1dad6_0004574328" /wrapper /dir="C:\Users\Fmrsvlny\AppData\Local\Temp\pkg_63703150" /account=8675 /campaign=7zip_exe /product=7zip /cfg=wrapper.maindistribution.truste.dat
C:\Users\Xeqghmax\AppData\Local\Temp\DM\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\launch.exe "edd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960" "dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960" "3b58bf0f691b4f20b2d34b2b6f203603" dec
C:\Users\Xeqghmax\AppData\Local\Temp\DM\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960\a896107152fe41c096cc6b72a98f0d89\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960 /path="c:\users\user\downloads\dd4c498b0ffe3ea5f7da4dfe05b6cf9be896d08d_0000813960"
C:\Users\Hibnwqfq\AppData\Local\Temp\5f27fc382b62f506f188e7eda82af75d47e61531_0000792040\b53a3b2a9cb34710897d466f5d60f66a\e5f27fc382b62f506f188e7eda82af75d47e61531_0000792040 /path="c:\users\user\downloads\5f27fc382b62f506f188e7eda82af75d47e61531_0000792040"
C:\Users\Ymrvmikd\AppData\Local\Temp\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264\668309f2a9ae45f7979830c5a454cce2\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264 /path="c:\users\user\downloads\5a761e60a097765c219cc5e3d3eb48ada48bdfd5_0000738264"
