Adware.Sogou

Threat Scorecard

Popularity Rank: 3,673
Threat Level: 80 % (High)
Infected Computers: 32,499
First Seen: November 20, 2015
Last Seen: January 25, 2026
OS(es) Affected: Windows

Adware.Sogou is a potentially unwanted advertising program. Adware.Sogou can be surreptitiously installed onto a machine, and it often comes bundled with malware such as Trojans. Adware.Sogou is able to modify the Internet Explorer home page or search page to display advertisements in the form of pop-ups, banners or links.

File System Details

Adware.Sogou may create the following file(s):
# File Name MD5 Detections
1. bdupdate.exe 3be0e8890a088580ff6840940d1d0988 104
2. tools_update.exe b18a0019f427178286ae667dbc350469 9
3. %ProgramFiles%\Common Files\Sogou PXP\p2psvr.exe
4. %ProgramFiles%\P4P\p4pipc.dll
5. %ProgramFiles%\P4P\SoDALib.dll

Registry Details

Adware.Sogou may create the following registry entry or registry entries:
Regexp file mask
%PROGRAMFILES(x86)%\tools\bdupdate.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

Directories

Adware.Sogou may create the following directory or directories:

%PROGRAMFILES%\tools\update
%PROGRAMFILES(x86)%\tools\update

Analysis Report

General information

Family Name: Trojan.Sogou
Signature status: Hash Mismatch

Known Samples

MD5: b06a18fd2f9acb3b3fc9f32b3ae2852a
SHA1: c59366ed5c8e1b47f64af03c870793104afba75d
File Size: 203.90 KB, 203904 bytes
MD5: 76a87cc9960bce8a5eca578d26cedb29
SHA1: b594dca4b75301d6e52033ffc7b49d1bdf626fe1
File Size: 9.52 MB, 9517720 bytes
MD5: a20348f065f642f03c1912fbf586196e
SHA1: b813f3e662fafe5fba9933d28a993bc39bde894e
SHA256: 8BB883C65FC0339FBE0BE370E3AA7D5102EEC6BC823609DDD90A9A590A03D7EB
File Size: 1.95 MB, 1946600 bytes
MD5: 70b868cb848faaccdd470676e5ea2536
SHA1: 693407e313df2e68904b6b88bd9e44899f2f5149
SHA256: E27068DEF6897F7AB202EA541560F717540AB9AD72C73C699D6A33C8CBDF8C00
File Size: 545.73 KB, 545728 bytes
MD5: ae39c7b386b372c9a1bf1ed57c3a360f
SHA1: fb99c99c5b159c1b6658d58a279c1b5d7f09fea9
SHA256: AC7D8ED76116F01904C812A416AD968A970D1F75BF66503679CD826C998080DF
File Size: 1.48 MB, 1480768 bytes
MD5: cbcc292ee264028646aac724d9b9c9a0
SHA1: d635e2aec646d1cf2355d7e05f70f8e9bc6f123f
SHA256: 7A23721779E84873A1EF9ADD789B754EEA00F90A180A4C831410C6F0339B26FF
File Size: 46.26 KB, 46264 bytes
MD5: ca78f15a4ca31fd56fb07893b80d0b8e
SHA1: 7df80c26b5eb291e0cb248503f379c2bfbbb7568
SHA256: 6B94735D4076F9CE930E8ED8995EEF85152AB553CDA03EA28297F854434E2121
File Size: 1.95 MB, 1946544 bytes
MD5: f352c6eae6613183221cf9d24fbad06c
SHA1: 097317ab43c15d67ae5a4b68ba083e8d8a68869c
SHA256: 9040FDF54B462797755A05BAFD378AF3AD38E28D663C80C2F873F48DBAD7F384
File Size: 470.12 KB, 470120 bytes
MD5: b6ab761a2941bcaadc23bcef8f7b4060
SHA1: 3dba655fd506fabab8ccd642d21a97d58934231c
SHA256: 267187B1247E5F4C4B9A76E57DEA47FC619DE444AA56EDA91CB731017235C5F7
File Size: 462.45 KB, 462448 bytes
MD5: 89403c88a438fd262b889ca8d84eb39a
SHA1: a83f23ff4fadbf1172d1d9061130613152e4990c
SHA256: 4CCEE1C442AF9D5759DA5FE62A82907602518BE29DCB9908A4E760371A47EA7B
File Size: 551.29 KB, 551288 bytes
MD5: e46759dd45ad2a419e22e879394d5187
SHA1: c425e4f20dd8c34047c13e9fa24adbd5ca4d4ed0
SHA256: 6D1517C9ABEBA196E1273A5015D1E539D663A0B4AAD28D52548516DB20A7B2CB
File Size: 1.95 MB, 1946584 bytes
MD5: b9f69d30bf1dcd784751c70f3183ac6a
SHA1: 5f1f561509374902c5630f4a1969f24335d13da7
SHA256: D469EC7B7D15C5792B41EC59104FC7555F04C31E2BF489CDB3E5C7E78B3B9479
File Size: 1.61 MB, 1612288 bytes
MD5: c25b2a407eeec50bf55fd0ada0e091e3
SHA1: fe594cf2a0e0a75f13451467ec01f6fc9f1ba991
SHA256: AFBAE459621D8D1FE7EF21FD5394B5FD286C1AA29643BD8DD5C0BCCDBBE25B8E
File Size: 579.69 KB, 579688 bytes
MD5: 6bbf07a9c75e0be6dab3b846542a98c1
SHA1: 3a4fb56e9bdd4e2269fc7d2bf8fd0acce8866651
SHA256: 2D80D0B1D139B8533257CCC02D887D5755ADB93E2C368CCD02C58648C422D7FF
File Size: 1.95 MB, 1946544 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Sogou.com Inc.
File Description
  • 搜狗上网中心
  • 搜狗下载器
  • 搜狗五笔输入法 工具
  • 搜狗拼音输入法 勋章推荐
  • 搜狗拼音输入法 安装工具
  • 搜狗拼音输入法 崩溃反馈
  • 搜狗拼音输入法 更新工具
  • 搜狗拼音输入法 网络更新程序
  • 搜狗输入法 云计算代理
File Version
  • 11.8.0.5496
  • 7.9.0.7428
  • 7.8.0.7199
  • 7.2.0.2893
  • 6.7.0.0329
  • 6.2.0.0000
  • 5.5.0.2584
  • 3.4.0.2308
  • 3.1.0.1972
  • 1.0.0.39
  • 1.0.0.0017
Internal Name
  • SogouPY
  • SogouPY CrashRpt
  • SogouPY Install.exe
  • SogouPY SGMedalLoader
  • SogouPY sgutil
  • SogouPY SogouCloud
  • SogouWB
  • SogouWP
Legal Copyright
  • (C)2012 Sogou.com Inc. All rights reserved.
  • © 2013 Sogou.com Inc. All rights reserved.
  • © 2014 Sogou.com Inc. All rights reserved.
  • © 2015 Sogou.com Inc. All rights reserved.
  • © 2016 Sogou.com Inc. All rights reserved.
  • © 2020 Sogou.com Inc. All rights reserved.
  • © 2022 Sogou.com Inc. All rights reserved.
  • © 2023 Sogou.com Inc. All rights reserved.
  • © Sogou.com Inc. All rights reserved.
Original Filename
  • CrashRpt.exe
  • Install.exe
  • SGBrowserSurf.exe
  • SGDownload.exe
  • SGMedalLoader.exe
  • sgutil.dll
  • sogouCloud.exe
  • SogouWB.ime
Product Name
  • 搜狗上网中心
  • 搜狗下载器
  • 搜狗五笔输入法
  • 搜狗拼音输入法
  • 搜狗输入法
Product Version
  • 11.8.0.5496
  • 7.9.0.7428
  • 7.8.0.7199
  • 7.2.0.2893
  • 6.7.0.0329
  • 6.2.0.0000
  • 5.5.0.2584
  • 3.4.0.2308
  • 3.1.0.1972
  • 1.0.0.39
  • 1.0.0.0017

Digital Signatures

Signer: Sogou.com
Root: Class 3 Public Primary Certification Authority
Status: Root Not Trusted
Signer: Beijing Sogou Technology Development Co., Ltd.
Root: DigiCert SHA2 Assured ID Code Signing CA
Status: Hash Mismatch
Signer: Sogou.com
Root: Symantec Class 3 SHA256 Code Signing CA
Status: Self Signed
Signer: Beijing Sogou Technology Development Co., Ltd.
Root: VeriSign Class 3 Code Signing 2010 CA
Status: Self Signed
Signer: Sogou.com
Root: VeriSign Class 3 Code Signing 2010 CA
Status: Self Signed

File Traits

  • HighEntropy
  • Installer Version
  • x64
  • x86

Block Information

Total Blocks: 5,138
Potentially Malicious Blocks: 18
Whitelisted Blocks: 4,042
Unknown Blocks: 1,078

Visual Map

[Block-by-block visual map omitted: the page renders it as a long run of per-block status symbols and truncates the data.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\namedpipe\sgdownloadpipenew2 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 786432

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 ⠍ȁ⋡龡^Ū紘Çó獖}Ŵ⦘·Ŵ좟Êh,֢ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 꿤ȁ獖} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserDisableThreadIme
  • win32u.dll!NtUserGetImeInfoEx
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetKeyboardLayoutList
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserMsgWaitForMultipleObjectsEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

open C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\SogouTSF.ime
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fb99c99c5b159c1b6658d58a279c1b5d7f09fea9_0001480768.,LiQMAxHB

1 Comment

adware spyware removal tool

Is Adware.Sogou as bad as having a Trojan virus? I mean, even though it's adware, can it corrupt your hard drive like a Trojan?