
Adware.Kraddare.OB

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 3,568
Threat Level: 20 % (Normal)
Infected Computers: 12,843
First Seen: September 4, 2021
Last Seen: April 19, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.Kraddare.OB
Signature status: No Signature

Known Samples

MD5: f3f3a2d325104348f3abae629300825e
SHA1: 3dbb57f9a75b8016ea309190ba1fa75e4061b0fb
SHA256: FED6E475134D9B9A088623F5B9A72FDA703901935BBA046B290FC12172D0EE90
File Size: 1.21 MB, 1205091 bytes
MD5: c7ce62d5f3fe1de80506010a5754209f
SHA1: cf902233c1cdf3591cc8a2a1e47e3eaf827667b6
SHA256: 9ED7CFE95EB126BC98951288FFFF3B237FAA68F0F9CEE099E726911D339CF43D
File Size: 653.86 KB, 653856 bytes
MD5: a386cbc92a02fe0526646a16622c41d9
SHA1: 50867e20cb962f801ae7ec52f2750f7d8d5cd5d5
SHA256: DCDE0D10F34699B688FEB54674D4E78741360477BF6B2D86061C5FAA5683CD1B
File Size: 1.07 MB, 1065803 bytes
MD5: 7ff61f6443906fd6042a95b24e246e2e
SHA1: 9b85b54d7dae8383c5e29f503c02cbb6fa6fecdb
SHA256: 7EE61051F351615E74244F6B9EC4F06B2349C4047FA435B877B0BA2F88BD8540
File Size: 5.29 MB, 5293587 bytes
MD5: fb5ee8f43adf43a8cdd354ac98f08e39
SHA1: 1b54d803125ab4474cd902205d7dd840e6deb61b
SHA256: DB912CFF97329F73160CB54D32AF7307CF198E2AB6350AA3AA70B47ABED9F958
File Size: 878.08 KB, 878080 bytes
MD5: c96cc6dc8792a7e6bd6c4d30297e5d01
SHA1: fb2524da0375078dbbbeb03df2ddce4a2cd1b1a9
SHA256: EBEE97D33EFECFC44857AAB5AEA3DC14063DB09B2196E2DF3DFA30DF3CE121F2
File Size: 7.79 MB, 7790692 bytes

Windows Portable Executable Attributes

The attributes below, like the version information and file traits that follow, are reported across all known samples rather than for a single file. That is why mutually exclusive entries (packed and not packed, exports table present and absent) both appear: different samples in the set carry different attributes.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments
  • This installation was built with Inno Setup.
Company Name
  • Monkey Software
  • Sunisoft
File Description
  • CheckUpdate Setup
  • IncUpdate Update.EXE
  • Optomate Touch Setup
File Version
  • 2006.2.18.225
  • 3.7.0.516
  • 2.0.1.107
  • 1.00
Internal Name
  • IncUpdate
  • TJprojMain
Legal Copyright
  • Copyright(c) 2003-2006, Sunisoft
  • Copyright © Arc Technology, Inc.
  • Monkey Software Pty Ltd
Original Filename
  • TJprojMain.exe
  • Update.EXE
Product Name
  • CheckUpdate
  • IncUpdate
  • Optomate Touch
  • Project1
  • SPI - Consulta
Product Version
  • 3.7.0.516
  • 2.7
  • 1.00
  • 1.0.0.0

Digital Signatures

Signer: fb7d1af9-0af5-4aac-9e28-d9f62058be8c
Root: fb7d1af9-0af5-4aac-9e28-d9f62058be8c
Status: Self Signed

File Traits

  • .adata
  • ASPack v2.12
  • dll
  • HighEntropy
  • packed
  • x86
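The PE attributes and file traits above (Rich header, exports, relocations, TLS, security directory, subsystem, DLL flag, .NET vs native, ASPack section, HighEntropy) are all readable from the PE headers with nothing but the standard library. The following is an added example by the editor, not code from the page or its analysis pipeline: a stdlib-only parser that reports that attribute set for one file, so contradictory union-style entries such as "packed" and "not packed" can be resolved per sample. The "packed" tells it uses (an ASPack-style `.adata`/`.aspack` section name and section entropy above 7 bits per byte) are the editor's own heuristics, and the sample image it builds is a constructed minimal PE32, not one of the listed hashes.

```python
# Stdlib-only PE header reader covering the attributes this page reports (added example).
import math
import struct
from collections import Counter

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SUBSYSTEM_NAMES = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
# Data-directory slots behind the 'has exports / debug / security / relocations / TLS / .NET' lines.
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_TLS, DIR_CLR = 0, 4, 5, 6, 9, 14


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte of a section; close to 8.0 means compressed or encrypted content."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_attributes(data: bytes) -> dict:
    """Parse DOS, COFF, optional and section headers and report the page's attribute set."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # An MSVC 'Rich' header, when present, sits between the DOS stub and the PE signature.
    has_rich = b"Rich" in data[0x40:e_lfanew]
    _, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def dir_present(i: int) -> bool:
        if i >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, dirs_off + 8 * i)
        return rva != 0 and size != 0

    sections = []
    sec_off = opt + opt_size
    for i in range(nsections):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("latin-1"), shannon_entropy(raw)))

    return {
        "is_32bit": magic == PE32_MAGIC,
        "is_executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, "0x%x" % subsystem),
        "has_rich_header": has_rich,
        "has_exports": dir_present(DIR_EXPORT),
        "has_security_dir": dir_present(DIR_SECURITY),  # Authenticode certificate table
        "has_relocations": dir_present(DIR_BASERELOC),
        "has_debug_info": dir_present(DIR_DEBUG),
        "has_tls": dir_present(DIR_TLS),
        "is_dotnet": dir_present(DIR_CLR),
        "sections": sections,
        # Editor's packing heuristics: ASPack's section name and near-maximal entropy.
        "aspack_section": any(n in (".adata", ".aspack") for n, _ in sections),
        "high_entropy": any(e > 7.0 for _, e in sections),
    }


def build_sample_pe() -> bytes:
    """Constructed, minimal PE32 GUI executable for a stand-alone run: one ASPack-style
    '.adata' section of maximum-entropy bytes plus a TLS directory entry. Not a real sample."""
    e_lfanew, file_align, opt_size = 0x40, 0x200, 224
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, IMAGE_FILE_EXECUTABLE_IMAGE | 0x0100)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)  # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<II", opt, 56, 0x2000, file_align)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_TLS, 0x1000, 0x18)     # TLS directory RVA/size
    payload = bytes(range(256)) * 4                                  # 1 KiB at exactly 8.0 bits/byte
    sec = struct.pack("<8sIIIIIIHHI", b".adata", len(payload), 0x1000, len(payload), file_align,
                      0, 0, 0, 0, 0xE0000020)                        # code | exec | read | write
    img = dos + b"PE\0\0" + coff + opt + sec
    return bytes(img + b"\0" * (file_align - len(img)) + payload)


if __name__ == "__main__":
    for key, value in pe_attributes(build_sample_pe()).items():
        print("%-20s %s" % (key, value))
```

Run it against a real file with `pe_attributes(open(path, "rb").read())`. The entropy check is a coarse tell: a genuinely signed installer with embedded compressed payload (Inno Setup, RAR SFX) also scores high, so treat `high_entropy` together with the section name and missing Rich/debug data rather than alone.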

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926031 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\dereg.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\dereg.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\master.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\master.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\rchelper.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\rchelper.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\rcleaner.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\rcleaner.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\rcleaner.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\rcleaner.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\reg.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\reg.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\unfd.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\unfd.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\unins000.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\unins000.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\unins000.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\unins000.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\update.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\update.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\update.urs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\update.urs Synchronize,Write Attributes
c:\users\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\5f7b5f1e01b83767.automaticdestinations-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\$$iuback Synchronize,Write Attributes
c:\users\user\downloads\$$iutemp Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\wow6432node\licenses::{r7c0db872a3f777c0} (binary data, not printable) RegNtPreCreateKey
HKLM\software\wow6432node\licenses::{k7c0db872a3f777c0} (binary data, not printable) RegNtPreCreateKey
HKLM\software\wow6432node\licenses::{iae37fab8fd7a961b}  RegNtPreCreateKey
HKLM\software\wow6432node\licenses::{0ae37fab8fd7a961b} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) regedit /s Reg.reg
(NULL) C:\Users\Lntftjtz\AppData\Local\Temp\RarSFX0\RCleaner.exe
(NULL) regedit /s DeReg.reg
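The sample hashes, the RarSFX0 temp drops, the WOW6432Node\Licenses key writes and the two silent `regedit /s` imports above are the indicators a responder would actually hunt for. The following is an added example by the editor, not code from the page or its sandbox: a small matcher that turns those indicators into rules and runs them over constructed host telemetry. The event format (dicts with `type`, `path`, `key`, `image`, `cmdline`, `sha256`) is an assumption, as are the rule names and the confirmation threshold; the username in the paths is a sandbox artefact (the page shows both `user` and `Lntftjtz`), so the rules match on the `AppData\Local\Temp\RarSFX<n>` suffix instead. SHA-256 is the hash used for a confirmed match because the MD5 column alone is collision-prone.

```python
# Indicator matcher for the hashes, paths, keys and commands listed on this page (added example).
import hashlib
import re

# SHA-256 column of 'Known Samples', lower-cased.
KNOWN_SHA256 = {
    "fed6e475134d9b9a088623f5b9a72fda703901935bba046b290fc12172d0ee90",
    "9ed7cfe95eb126bc98951288ffff3b237faa68f0f9cee099e726911d339cf43d",
    "dcde0d10f34699b688feb54674d4e78741360477bf6b2d86061c5faa5683cd1b",
    "7ee61051f351615e74244f6b9ec4f06b2349c4047fa435b877b0ba2f88bd8540",
    "db912cff97329f73160cb54d32af7307cf198e2ab6350aa3aa70b47abed9f958",
    "ebee97d33efecfc44857aab5aea3dc14063db09b2196e2df3dfa30df3ce121f2",
}
# Names dropped into %LOCALAPPDATA%\Temp\RarSFX<n>\ per the 'Files Modified' section.
DROPPED = r"(rcleaner\.exe|rchelper\.exe|unfd\.exe|update\.exe|unins000\.exe|reg\.reg|dereg\.reg|master\.ini|update\.urs)"
RE_RARSFX_DROP = re.compile(r"\\appdata\\local\\temp\\rarsfx\d+\\" + DROPPED + r"$", re.I)
RE_LICENSES_KEY = re.compile(r"^hklm\\software\\wow6432node\\licenses\\", re.I)
# The two 'Shell Command Execution' lines: silent import of Reg.reg / DeReg.reg.
RE_REGEDIT_SILENT = re.compile(r"(^|\\)regedit(\.exe)?\s+/s\s+(reg|dereg)\.reg$", re.I)


def file_hashes(data: bytes) -> dict:
    """All three digests the page lists; confirm on sha256, never on md5 alone."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_event(ev: dict) -> list:
    """Return the names of every rule an event matches (empty list means no hit)."""
    hits = []
    t = ev.get("type")
    if t == "file" and RE_RARSFX_DROP.search(ev["path"]):
        hits.append("rarsfx_temp_drop")
    if t == "registry" and RE_LICENSES_KEY.search(ev["key"]):
        hits.append("wow6432node_licenses_write")
    if t == "process":
        if RE_REGEDIT_SILENT.search(ev["cmdline"].strip()):
            hits.append("regedit_silent_import")
        if RE_RARSFX_DROP.search(ev.get("image", "")):
            hits.append("exec_from_rarsfx_temp")
    if t == "hash" and ev["sha256"].lower() in KNOWN_SHA256:
        hits.append("known_sample_sha256")
    return hits


def triage(events) -> dict:
    """Aggregate hits. Editor's threshold: a SHA-256 match, or two distinct behavioural
    rules other than the Licenses key write (weak on its own), counts as confirmed."""
    per_event = [(ev, match_event(ev)) for ev in events]
    rules = {r for _, hs in per_event for r in hs}
    confirmed = "known_sample_sha256" in rules or len(rules - {"wow6432node_licenses_write"}) >= 2
    return {"rules": sorted(rules), "confirmed": confirmed,
            "events": [(ev, hs) for ev, hs in per_event if hs]}


# Constructed telemetry (not the page's sandbox log): the drop, the helper launch,
# both silent imports, the Licenses key write, a benign regedit export for contrast, and a hash.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\Users\user\AppData\Local\Temp\RarSFX0\RCleaner.exe"},
    {"type": "file", "path": r"C:\Users\user\AppData\Local\Temp\RarSFX0\Reg.reg"},
    {"type": "process", "image": r"C:\Windows\regedit.exe", "cmdline": "regedit /s Reg.reg"},
    {"type": "process", "image": r"C:\Users\user\AppData\Local\Temp\RarSFX0\RCleaner.exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\RarSFX0\RCleaner.exe"},
    {"type": "process", "image": r"C:\Windows\regedit.exe", "cmdline": "regedit /s DeReg.reg"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\WOW6432Node\Licenses\{r7c0db872a3f777c0}"},
    {"type": "process", "image": r"C:\Windows\regedit.exe", "cmdline": r"regedit /e C:\backup.reg"},
    {"type": "hash", "sha256": "FED6E475134D9B9A088623F5B9A72FDA703901935BBA046B290FC12172D0EE90"},
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print(result["rules"], "confirmed=%s" % result["confirmed"])
```

The `regedit /s` rule is deliberately narrow (only the two file names the page records); broaden it to any `.reg` imported from a `RarSFX` or `Temp` directory if the goal is the technique rather than this family, and accept the extra noise from legitimate installers that do the same.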
