Multi-License Discount Quote

Change Region

English
Threat Database Adware Adware.Solimba

Adware.Solimba

By ZulaZuza in Adware

Threat Scorecard

Popularity Rank: 6,164
Threat Level: 20 % (Normal)
Infected Computers: 5,471
First Seen: December 6, 2012
Last Seen: April 12, 2026
OS(es) Affected: Windows

Adware.Solimba is a generic detection for a category of adware used for data harvesting and distributing other malware. One of the most recent widespread examples of Adware.Solimba is an adware infection that is distributed as a key generator for illegitimate copies of the Windows 8 operating system. However, the twist is that Adware.Solimba is designed to display an error message claiming that the victim's version of Windows 8 is illegitimate and then directing the victim to press on an OK button which actually serves to install other malware on the victim's computer. This version of Adware.Solimba is hardly the only one.

Adware receives its name because, originally, these malware infections were solely designed to deliver advertisements in the form of distracting pop-up windows to the victim's computer. However, adware is becoming increasingly more complex and invasive due to the bundling of these infections with spyware and other forms of malicious software. This is done by shady marketing companies and criminals wishing to exploit the potential profits inherent in data harvesting, that is, tracking computer users' activity and preferences and then selling this data to a third party for advertisement and marketing purposes. Advertising is often a necessary evil; it has, in fact, been responsible for the boom of content on the Internet. However, the desire for easy money has turned adware into potentially invasive applications that can have a destructive impact on a computer and negatively affect a computer user's online activity and experience. Adware.Solimba variants are some of the top adware infections of 2012.

When an anti-malware program detects an Adware.Solimba infection, this is usually a generic detection that is meant to alert the computer user that there is a third party program being installed along with another program without the computer user's knowledge. The most common kinds of Adware.Solimba infections are executable files that have behaviors typical of Trojan downloaders. They try to download and install other executable files from advertisement networks, which are then used to deliver pop-up advertisements to the victim's computer while also collecting data from the infected computer. These will usually use social engineering to enter a computer in the first place (such as with the above example of a fake key generator).

Analysis Report

General information

Family Name: Adware.Solimba
Packers: UPX
Signature status: Modified signature

Known Samples

MD5: 61226e2f4f0343bb7cadec19e780bdc7
SHA1: 7080b6c058380ef21a26a8f507c28be5e936b755
File Size: 232.76 KB, 232760 bytes
MD5: 0baf72c8ece3238a2cb5ca1b947b73e1
SHA1: 9d0daa01506d05d9af23a69af82d63dab1856cc0
File Size: 419.10 KB, 419104 bytes
MD5: 6939d0e3a332349f7fa39e536324d920
SHA1: b1afe00366a4ee082fc4069d9b9fe9592952e3c2
File Size: 550.47 KB, 550472 bytes
MD5: 3d9f388f98c351a181c7fef468785a57
SHA1: ac3b7e0ca846059876fc862cd03792f45de417cf
File Size: 413.05 KB, 413048 bytes
MD5: 0249bb0ebf4de41a57acf4e137d793ea
SHA1: 92ac60fbb21121c65d4d0d31bc48ad3be7a45b74
File Size: 169.27 KB, 169272 bytes
Show More
MD5: 280f9972bfd2a6d609802a98624b97ae
SHA1: 9d035c31a6e9c38648f98f650e1c14ee2fd5b48e
File Size: 550.59 KB, 550592 bytes
MD5: d0268c351d1dfad04436d660fabcad9d
SHA1: e52a7c153f6fff4d0bd4f891b299cc8300bc1dfe
File Size: 218.68 KB, 218680 bytes
MD5: a5f168fa576bb3c14f07bc3f73df4206
SHA1: 7dfc07343331aab984e02d866db5bfc13e531897
SHA256: F4810AB02FA2241A73810A7C7694B6AC1177DDD1A868882B5E271DBCA23F0BE8
File Size: 277.22 KB, 277224 bytes
MD5: c06a315fc7d8dda00a406c45986b8ae6
SHA1: 427c4df1f5aba61925d662b48ce4486415c45891
SHA256: 3B65E8A06E65AAAD32E271AF722C17B0CAA27ED109325B1B7B7C6E150D5B72AA
File Size: 513.44 KB, 513440 bytes
MD5: 9f34e443156e0d78c0f38017e2e0113d
SHA1: 7616b112355103f6c1ba22c8b9d9ad78d9005f66
SHA256: 8364F32853A587F15AE5F79B9845688935E61017AD38818054940CC44915FD7B
File Size: 513.44 KB, 513440 bytes
MD5: 7e5adab0441fa61a1757ce0ed93db3e3
SHA1: 0d9e8d8029ccaf27377b75b88e5a3f5e871fca20
SHA256: 99ED2CF1BED19C47B32A4EF5314B12671FDC8D8B948F79BDD718EE16E4AC35F1
File Size: 169.27 KB, 169272 bytes
MD5: 046e1f9a437fd58f91e879fcef2837e4
SHA1: 80077b58aeee1cfab7bed147721f917c8cd599c1
SHA256: E4656861ED2E7B0DB0BDE2E0A878CB5B772DA400EDC3F49C6FB72FD366302552
File Size: 568.02 KB, 568024 bytes
MD5: a90ba59542fefabeb934692a955a2455
SHA1: e28b054478cae1c3d438b7a853c1bb81ba444839
SHA256: AC98C0972696B4E7983B867D8B57839C03FDA1D3E5437CB26C9230D41C34AF95
File Size: 288.70 KB, 288696 bytes
MD5: 91b70dcaf39e6fc26061434f5886952b
SHA1: 8fea73fff470edfc4cf35a68cc8a750d35536dbf
SHA256: CA2F8A37ACD9C02867AA6AC990B78C67875FAA2B96195AF771D77ACC7CBCC770
File Size: 146.88 KB, 146880 bytes
MD5: fade9e18c2069080a498ce31bc4a9d9a
SHA1: 2bc7b56750bc7736ab36fd0d1a7c9a70510a465c
SHA256: 6799677DD16851ABE488E6B206A1D668664720116A8C187F5E1A8F4C633BA9F8
File Size: 580.30 KB, 580304 bytes
MD5: 69ca2d735b952d1e29de38d61aa48943
SHA1: e304c2cb328f169cea55b0d0a80221e4f0bec514
SHA256: 0388D0C2A167F3879D5080D4DDFC3B01B9B8DC8AC0373BB9EFB92158814532A7
File Size: 169.27 KB, 169272 bytes
MD5: eea8df64d2939d0eb215f61d29b1f511
SHA1: 756e440cee32f9124605bb5028f475e45c9e1eec
SHA256: D8356B9A0F1F0B937E9CB5BA1C33C802A9ABDF0B29172C4B061F93A6DFA7D87A
File Size: 211.58 KB, 211584 bytes
MD5: e78c04c5efc02610dec8939f4943ace4
SHA1: 879069fda8ba59c781a172a386f2549f2867ce17
SHA256: C622B87EBA1B8BFF7A57C446146C195A77CF9C53B2E19D481AFFF4553A89C181
File Size: 188.22 KB, 188216 bytes
MD5: 27e484ce173e835e49c9333eee90203c
SHA1: 0982a19be13f234f5e8d6ee512d1521aa7215313
SHA256: ED5305E01FB3DB5B0069E9D55CF9C7A37007257895A149B6F2283CBF24942260
File Size: 585.92 KB, 585920 bytes
MD5: d177b1df9131ad5b50107f5724c80ef3
SHA1: f6e2e91492dded6fdd49ea64fd5a05289bdec3ad
SHA256: EDB8C726EF1D655A64E5EB61A0C2E692693E27A5A4F860CC99BDEFD436278C44
File Size: 161.43 KB, 161432 bytes
MD5: a615bfe11ba9283035b7793d2b997972
SHA1: 9d3d3b564a32b2d1fdff51e6b71b44e63aa4c6d2
SHA256: 05D57A886929C05265D0BAF3E288ED6E9AD3FA5F2727D03D65B02CE3478B54ED
File Size: 180.86 KB, 180864 bytes
MD5: 2e48e533dbe8775263ad2d80b7c6391d
SHA1: 70c502d688c1185cb1b561a6c8cd6b35ac6e1fb2
SHA256: 7AEB6E8E093A36C8737F718965581DEB75F67ED897FE427B0A32D01E0B0AE355
File Size: 169.27 KB, 169272 bytes
MD5: 38a2fc384a52a9f7301f439439328833
SHA1: 15197739421cc6039fa566d33028c78c8974e984
SHA256: 9C1721D167BED245DD0DDF69D8C3A4AF3AF66B59A2E0ADCA570CC88B09F90095
File Size: 190.60 KB, 190600 bytes
MD5: 8d5d2ee4b810786bf1a67f78075a9a2a
SHA1: f1184747517178e7470f947541d13a705b5dc030
SHA256: FBC30C3CC066BE2D1BE102EF82BD8400AE86A384B314CE3CC95FE6031163A82A
File Size: 283.23 KB, 283232 bytes
MD5: 3116b34adf52ed0a378dada521bdfb51
SHA1: d9438eb188a25a44c8c894a0195b5fb48be87914
SHA256: 9910DC2BE079AA41B854C1C070EA524FD04FE9640CA18F98CC6E57BF61A1BE85
File Size: 4.20 MB, 4196040 bytes
MD5: ba3636d46c4fb1c677af607a6404cbc5
SHA1: 20519d7db918a38a6822290b96e9a416a5c40747
SHA256: B9E78353018A7534467B8D9A011F40170D2B0DDE603753D9B7F1A57D86ED67E7
File Size: 537.82 KB, 537824 bytes
MD5: ed42e4e12e640ed7640f6f862362991b
SHA1: a6df8791590350c8968c49e02400f2a5cf612e79
SHA256: C1A820DFC1F9167896432FBC110BDE6669452B0E77AB983D48E12D4DAE31CF24
File Size: 218.68 KB, 218680 bytes
MD5: f81f5d4a0fcb06e46ab3613e94916d0f
SHA1: fefcae26d52af842cf088125c5cdad5b23a997aa
SHA256: D9684702C1BF4D41241E6D339F13A1551EE6BB763683AD3F789E1D552D279211
File Size: 208.81 KB, 208808 bytes
MD5: 904fefdf882400b82277507d168bd9e0
SHA1: 5d7db8945d38b030c322558b32ca18f0c8f2c4ff
SHA256: 7655388D1A85D71A0D55682DE178F38B01082CB78364CEF1D2C5CC9D8FD8F22D
File Size: 283.26 KB, 283264 bytes
MD5: 4899d6fe6e0dadc0217c3b73332a83b4
SHA1: 5416aeb4228f201d08cc5e8c737e722db7c9757e
SHA256: 9D299953AEC35E7F291DC620385352B73ADE480906EBAF1B76BA810DF6B9EF90
File Size: 165.18 KB, 165176 bytes
MD5: d5316e2556a66c39729d89b8dc7ca297
SHA1: 0fae4b5ce8b4294c6d4f89130266dc8d40ccdde0
SHA256: 8EC6FE0F70ED40BE49CEA5989F5B909A268ABCC5922533D4CF93BA5002DBF879
File Size: 209.80 KB, 209800 bytes
MD5: 0c2cd8cf44fc30647acc8d9160467356
SHA1: c1b2d06728de067b6bbeb61f0874763e23b481a1
SHA256: 622ACBA79719D8F80FB135E062695372FFCE7803148B148EB80CB70839D2E63E
File Size: 267.34 KB, 267344 bytes
MD5: b0f5544a32bb2d9d4f639cba8c6b7c6e
SHA1: 9bebe1e16611517ce45569dc614b9fced6dfdc94
SHA256: 615435EC0EA04CEC2F945F29B4B32E0F2C6089A25CA94814D56656A787DC2BCA
File Size: 168.76 KB, 168760 bytes
MD5: 8e620fa6ce97d1cc0e69d9b83b345ef2
SHA1: 2a394279c207dc42f4d8a66a0bc9ace65e243695
SHA256: 8A8CC21F52FBF9D232DCC3DE3C2E95135BFF7E5A77A824EBEA8CFDA0DACE7C72
File Size: 267.12 KB, 267120 bytes
MD5: 8f7375af3201bc6dc086f614dd05c996
SHA1: bfb05f1a09e09416f24c7db702d22e54f832f372
SHA256: CD867DAA9452C765FFC93B213B48D823D8523BDFE02355C58E71DB404982CC27
File Size: 169.27 KB, 169272 bytes
MD5: 6cb99386e9b70ab5fe91027d34110420
SHA1: 6c2310670ac979eede4c9221b00b3446a8be8c31
SHA256: 13254B6A3A780CD1DE441C06F50183D44E4F9974E700F52BC243B57205313455
File Size: 361.70 KB, 361696 bytes
MD5: 7cd1374e90e2035fb2119aac73752355
SHA1: b1ecff03a767facd72782af6f985e0dbed45ede9
SHA256: 5EDB9E07F3C93A88239B0714C6C1A39C7E78A95E34F68A4104D1DD7AE79BF8EA
File Size: 288.70 KB, 288704 bytes
MD5: d05eb763914aa51f40ff19a96f37d3fd
SHA1: 2e108e079b991d9aad6bc685856fe27b03826d62
SHA256: 35F398BDBA80E0164E4AF7E362AFCC5D7F1903DD4D5E78AA147B2C80BC9C2622
File Size: 214.49 KB, 214488 bytes
MD5: 31f317bfaa41a028f40a5107cc3fb022
SHA1: 9c59a0bcd9cf3504ccd8f51257598b7751b49b0b
SHA256: 8DA78DB759E44499C5AE927ADB8FD9287215425190DAAB274ED576AA5F6C6B61
File Size: 181.34 KB, 181336 bytes
MD5: eeb5f208cfa3cf0f8d10463ba71f7b9f
SHA1: caca43de16db379c9045d15f8f7f159b9c2247e3
SHA256: 9FAC5AFF51B4BE75D1221F2E570A1D0ABBCEF20914226804A9FD9C93E00E7E36
File Size: 169.27 KB, 169272 bytes
MD5: 57480c8584bb88bf4cedab36e11dc196
SHA1: 1d528618b46a5e6e84296a58b9af181ffe5c5721
SHA256: 68E38D1EEB868C6650CF6B787A783DA3A3FFAA537EC3F261EEEB5D506AD829FA
File Size: 288.68 KB, 288680 bytes
MD5: f9bd0551425789d1eee97f84c3a6095e
SHA1: a8c663fc0c0e1735201c8acf0989d4959695424a
SHA256: B214722293BD2BF957C5FEF71D30821D84A6E9AC8FC09D93D4164FC3A13765DB
File Size: 231.50 KB, 231496 bytes
MD5: b252e73604dacb6eea67707a0487af86
SHA1: 087c1e2279324ad6ddaf8dde741672dbca0de994
SHA256: 00269CAE8CA3F03DF414F5B57A4B70A9DD39F00A98FA369486D7EC067E29036A
File Size: 202.94 KB, 202936 bytes
MD5: 2cc346f480627b086a5b973a037a4ea2
SHA1: 4b4cec92a03f9851342baa25b0743f73fbe479fd
SHA256: E26F6C02839FD7B489EDC2AC916E111A7A013381953F3406B25B9591BAF375F1
File Size: 577.73 KB, 577728 bytes
MD5: b618cadfd2308d6e17b34bbf26646e7e
SHA1: 39257747c1b162a7ff7640497b1df4edc1850e57
SHA256: BEB5B0535604C8AAA8811A06C46EC21BE788B688AFECE682BB34E2953AC03721
File Size: 264.56 KB, 264560 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

15 additional icons are not displayed above.

Windows PE Version Information

Name Value
Assembly Version 3.1.31.0
Comments Setup Install
Company Name
  • Apps·Install
  • Bechiro
  • Firser
  • Firseria
  • Firseria.-.Installer · sl
  • Firseria s.l.
  • Firseria·s·l
  • Firseria·s·l·
  • F¡rser¡a s·l·
  • infidus vilitas facio
Show More
  • Installation helper
  • Setup Install
  • setup process
  • setupprocess
  • ulciscor peritus universum expeto
File Description
  • 3d-pinball-unlimited
  • adobe-photoshop-cs-3
  • Adobe Reader AppInstaller
  • aliquot
  • aufero detego tracto
  • Download Manager
  • Dropbox AppInstaller
  • DVD Shrink AppInstaller
  • DwonldMnger
  • FLVMPlayer AppInstaller
Show More
  • FLVMpubG Player
  • inst all
  • Installation helper
  • Installer
  • installer
  • installer setup
  • install manager
  • irfanview
  • microsoft-security-essentials
  • MSN 2012 AppInstaller
  • PhotoRec installer
  • Setup Install
  • Setup Manager
  • Tristesse
  • ubuntu
  • zararadio
File Version
  • 95.59.75.72
  • 33.69.33.20
  • 3.1.31
  • 3.1.22.12
  • 3.1.22.7
  • 3.1.13.35
  • 3.1.13.32
  • 3.1.13.8
  • 3.1.13.6
  • 3.0.30.6
Show More
  • 3.0.30.1
  • 3.0.17.6
  • 3.0.17.4
  • 3.0.15.1
  • 3.0.12.0
  • 3.0.10.1
  • 3.0.3.0
  • 2.2.60.1
  • 2.2.54.0
  • 2.2.43.0
  • 2.2.34.0
  • 2.2.27.0
  • 2.2.0.0
  • 2.1.493.0
  • 1.0.0.23
  • 1.0.0.19
  • 1.0.0.15
  • 1.0.0.11
  • 1.0.0.6
  • 1.0.0.2
  • 1, 2, 0, 0
Internal Name
  • dmr.exe
  • Firseria.-._setup.exe
  • install.exe
  • installer
  • Installer
  • installer
  • pervideo intueor setup
  • Setup
  • setup.exe
  • setup fortuna domus horum pariter
Show More
  • setup manager
  • ¡nstall
  • ·installer·
Legal Copyright
  • (c) 2010 (2013-01-25 18:37)
  • (c) 2010 (2013-02-05 11:59)
  • (c) 2010 (Build:2012-10-23 10:27)
  • (c) 2010-2013 (201303151737)
  • (c) 2010-2013 (201304191608)
  • All rights reserved © 2014
  • AppInstaller 2013 (131632108)
  • AppInstaller 2013 (131701413)
  • AppInstaller 2013 (131770146)
  • AppInstaller 2013 (131891749)
Show More
  • AppInstaller 2013 (131911503)
  • AppInstaller 2013 (132081122)
  • AppInstaller 2013 (132132235)
  • AppInstaller 2013 (132190408)
  • AppInstaller 2013 (132281332)
  • Copyright(c) 2013
  • Copyright (c) 2013
  • Copyright 2013
  • Copyright 2014 impedito
  • Copyright ferme
  • Copyright ©2013
  • Copyright © 2014
  • Copyright© 2014
  • copyright © 2014
  • Copyright©2014
  • Copyright © 2014 Bechiro
  • copyright·©·2013
  • © 2014
Original Filename
  • dmr.exe
  • install.exe
  • installer
  • installer.exe
  • installer·exe
  • setup_install.exe
  • ¡nstal.exe
Product Name
  • 3d-pinball-unlimited
  • adobe-photoshop-cs-3
  • Adobe Reader
  • Apps-manager
  • Dropbox
  • DVD Shrink
  • FLVM Player
  • FLVMPlayer
  • I-LI infero litterae perlustro
  • III.I.XXXI
Show More
  • Installation helper
  • Installer
  • installer.exe
  • irfanview
  • LV-II fungor
  • microsoft-security-essentials
  • MSN 2012
  • PhotoRec
  • Tristesse
  • ubuntu
  • zararadio
Product Version
  • 52.82.34.83
  • 48.18.22.16
  • 3.1.31
  • 3.1.21
  • 3.1.19
  • 3.1.18
  • 3.0.30
  • 3.0.28
  • 3.0.23
  • 1.0.0.15
Show More
  • 1.0.0.11
  • 1.0.0.6
  • 1, 2, 0, 0

Digital Signatures

Signer Root Status
SETUPPROCESS DigiCert Assured ID Root CA Root Not Trusted
Eilio Developments sl GlobalSign CodeSigning CA - G2 Self Signed
Firseria GlobalSign Root CA Root Not Trusted
Bechiro S.L. Thawte Code Signing CA - G2 Self Signed
Danorel Integral Thawte Code Signing CA - G2 Self Signed
Show More
Delimax Concept Thawte Code Signing CA - G2 Self Signed
FIRSERIA, S.L. Thawte Code Signing CA - G2 Self Signed
POPELER SYSTEM, S.L. Thawte Code Signing CA - G2 Self Signed
Solimba Aplicaciones S.L. VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Apps Installer S.L. thawte Primary Root CA Root Not Trusted
Bechiro S.L. thawte Primary Root CA Root Not Trusted
FIRSERIA, S.L. thawte Primary Root CA Root Not Trusted
POPELER SYSTEM, S.L. thawte Primary Root CA Root Not Trusted

File Traits

  • .NET
  • Installer Version
  • RijndaelManaged
  • x86

Block Information

Total Blocks: 628
Potentially Malicious Blocks: 28
Whitelisted Blocks: 600
Unknown Blocks: 0

Visual Map

1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 x x x x x x x x x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 x x x x x x x 0 0 x 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1 1 1 1 2 0 1 0 0 0 0 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 0 1 1 0 1 1 0 0 1 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 3 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 2 3 0 0 0 0 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AutoHotkey.A
  • Bitcoinminer.R
  • ClipBanker.CZ
  • CoinMiner.BB
  • Emotet.AAJ
Show More
  • Emotet.AAL
  • Kryptik.FAQ
  • MPRESS Packer
  • MSIL.Agent.YJ
  • MSIL.Coinminer.AEB
  • Salgorea.E
  • Strictor.A
  • Tofsee.BP
  • Upatre.WIA

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ins1990\ins1990.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ins5639\ins5639.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ins895\ins895.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n1311\s1311.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n1311\s1311.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n1872\s1872.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n1872\s1872.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n218\s218.exe Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\n3020\ins3020.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n3388\s3388.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n367\s367.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n4261\ins4265.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n4996\s4996.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n4996\s4996.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n5159\ins5159.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n5338\s5338.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n5338\s5338.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n6141\s6141.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n6141\s6141.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n6418\s6418.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n7490\s7490.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n7490\s7490.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n7996\s7996.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n7996\s7996.exe.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb6382.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb6382.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca796.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsca797.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca797.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd4505.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsgdc47.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgdc47.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5ec.tmp\inst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5ec.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha768.tmp\northstar.arg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha768.tmp\northstar.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsha768.tmp\northstar.pat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha768.tmp\vpatch.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi7320.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsia8a1.tmp\dnwm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsia8a1.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8d17.tmp\dlmgn.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8d17.tmp\dlmgn.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjb81b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsjb9a1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsl3f2a.tmp\nrth.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6371.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsma786.tmp\dlmgn.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsma786.tmp\dlmgn.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsob925.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsob925.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp576a.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp576a.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqdc46.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr5db.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsra757.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nss4515.tmp\domanager.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4515.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa7f4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nssa890.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nstfcfb.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nstfcfc.tmp\northstar.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstfcfc.tmp\northstar.narf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstfcfc.tmp\nsunzip.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstfcfc.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv3f19.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvbced.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvbcee.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\downloadmr.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\downloadmr.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\downloadmr.iz Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\downloadmr.iz Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\nsunzip.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\nsunzip.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbcee.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsx7330.tmp\dnmn.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx7330.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyb82b.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyb82b.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz136f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsz1370.tmp\northstar.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz1370.tmp\northstar.narf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsz1370.tmp\northstar.narf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz1370.tmp\nsunzip.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz1370.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz5759.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nszb915.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nszb9b2.tmp\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb9b2.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\0d63a744638e55e5d3f5a6bf50faa1b5_e5eb3634f775e9fd48f4ed1558c8c9a6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\12236c41cddf9e40ba5606cdf086b821 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\1f39b5cfacecfde48db25bca2231fac6_f0e2901b5cb9dfcb03318b8d06c40a30 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\62b5af9be9adc1085c3c56ec07a82bf6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\68faf71af355126bca00ce2e73cc7374_d83c582f69e1d2d5dbf1c7331b0b9e85 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\77ec63bda74bd0d0e0426dc8f8008506 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7b8944ba8ad0efdf0e01a43ef62becd0_20937c87a2bf6c2eb36fb48775567f7b Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8dfdf057024880d7a081afbf6d26b92f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8e4e510f44a56b8c8ecfec352907c373_2d5f48902af9bdf23d43c96a0e2f2f07 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8e4e510f44a56b8c8ecfec352907c373_2e926affdf027eb0e48ced864a4f1fc6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8e4e510f44a56b8c8ecfec352907c373_3cb1a6b5e29fc9dcd533722c4568e06f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8e4e510f44a56b8c8ecfec352907c373_75e9292196748f7e1bd16737619d5bfb Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8edcf682921fe94f4a02a43cd1a28e6b Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\955cab6ff6a24d5820d50b5ba1cf79c7_cc1689c2a9a5cb35265f3c2516751959 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\cd9c747f40eea288d73938d33144f716 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\0d63a744638e55e5d3f5a6bf50faa1b5_e5eb3634f775e9fd48f4ed1558c8c9a6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\12236c41cddf9e40ba5606cdf086b821 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\1f39b5cfacecfde48db25bca2231fac6_f0e2901b5cb9dfcb03318b8d06c40a30 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\62b5af9be9adc1085c3c56ec07a82bf6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\68faf71af355126bca00ce2e73cc7374_d83c582f69e1d2d5dbf1c7331b0b9e85 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\77ec63bda74bd0d0e0426dc8f8008506 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7b8944ba8ad0efdf0e01a43ef62becd0_20937c87a2bf6c2eb36fb48775567f7b Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8dfdf057024880d7a081afbf6d26b92f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8e4e510f44a56b8c8ecfec352907c373_2d5f48902af9bdf23d43c96a0e2f2f07 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8e4e510f44a56b8c8ecfec352907c373_2e926affdf027eb0e48ced864a4f1fc6 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8e4e510f44a56b8c8ecfec352907c373_3cb1a6b5e29fc9dcd533722c4568e06f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8e4e510f44a56b8c8ecfec352907c373_75e9292196748f7e1bd16737619d5bfb Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8edcf682921fe94f4a02a43cd1a28e6b Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\955cab6ff6a24d5820d50b5ba1cf79c7_cc1689c2a9a5cb35265f3c2516751959 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\cd9c747f40eea288d73938d33144f716 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\assembly Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\91c6d6ee3e8ac86384e548c299295c756c817b81::blob 쪌௜츢뻵걲ᩁꠑዘﺅᯱ䝏㧾勒ƃ柳皉﻾컠*⠰ࠆثԁ܅ȃࠆثԁ܅̃ࠆثԁ܅Ѓࠆثԁ܅ă *⠰ࠆثԁ܅ȃࠆثԁ܅̃ࠆثԁ܅Ѓࠆثԁ܅ăS%⌰ℰଆ虠ňŅ〇、〒ؐ⬊ĆĄ㞂ļ́拀Ā 贀⽲ꦁᏁ秀ꈶ涖沲કᶗ殴饁 RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\91c6d6ee3e8ac86384e548c299295c756c817b81::blob \ࠀ珜럹ᘞᷕ刦㉽᪱㵪욑訾揈쉈⦙畜腬腻h~쀀⼃ǖ thawte㭛gʀ䈮孠㭫䁲孻콅캯立ㇽ᪒뙪䛳埫偈b 犍脯솩쀓ᵹ㛱隢뉭镬霊됝䅫哪讷鿻S%⌰ℰଆ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\91c6d6ee3e8ac86384e548c299295c756c817b81::blob ﺅᯱ䝏㧾勒ƃ柳皉﻾컠*⠰ࠆثԁ܅ȃࠆثԁ܅̃ࠆثԁ܅Ѓࠆثԁ܅ă *⠰ࠆثԁ܅ȃࠆثԁ܅̃ࠆثԁ܅Ѓࠆثԁ܅ăS%⌰ℰଆ虠ňŅ〇、〒ؐ⬊ĆĄ㞂ļ́拀Ā 贀⽲ꦁᏁ秀ꈶ涖沲કᶗ殴饁띔ﮋᒟĀ᐀笀䕛꿏쯎ﵺ鈱 RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\root\certificates\be36a4562fb2ee05dbb3d32323adf445084ed656::blob \Ѐ볝蚽㾜ࠛ컯퇄춈ᔻᰘ兘槹镹⍋ .Thawte Timestamping CA  ਰࠆثԁ܅ࠃ㚾嚤눯׮돛⏓괣䗴丈囖晿煺硩騠ᑑ莝⃚ꗨ뺘芄ﺎ炮ᔑ㔁뉶 ʥ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\91c6d6ee3e8ac86384e548c299295c756c817b81::blob 珜럹ᘞᷕ刦㉽᪱㵪욑訾揈쉈⦙畜腬腻h~쀀⼃ǖ thawte㭛gʀ䈮孠㭫䁲孻콅캯立ㇽ᪒뙪䛳埫偈b 犍脯솩쀓ᵹ㛱隢뉭镬霊됝䅫哪讷鿻S%⌰ℰଆ虠ňŅ〇、〒ؐ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 窣ﻫ䖹ǜ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob ់㇤㹧ৢ䗾鍗૳ᳺứ霞輫穆轙⊩㢅즔Sc愰ℰଆ虠ňŅᜇ〆〒ؐ⬊ĆĄ㞂ļ́ダ؟怉䢆蘁泽ĂሰူਆثЁ舁㰷āȃ쀀ᬰԆ腧Č〃〒ؐ⬊ĆĄ㞂ļ́翀Ā⨀ ب⬈Ćԅ̇؂⬈Ćԅ̇؃⬈Ćԅ̇؄⬈Ćԅ̇ँĀ⨀ ب⬈Ćԅ̇؂⬈Ćԅ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 텏㆕头ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鐦ݙ歋ǜ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\07e032e020b72c3f192f0628a2593a19a70f069e::blob 䂁ᣅﱩⱆ疉ར碪嚨출얜米ቺ惟Ⲍ咼Se挰ℰଆ萪Ũɷą、〒ؐ⬊ĆĄ㞂ļ́ダء⨋梄蘁矶Ԃ܁ሰူਆثЁ舁㰷āȃ쀀ᬰԆ腧Č〃〒ؐ⬊ĆĄ㞂ļ́ীĀ吀 ْ⬈Ćԅ̇؂⬈Ćԅ̇؃⬊ĆĄ㞂̊؄⬈Ćԅ̇؄⬈Ćԅ̇؆⬈Ćԅ̇؇⬈Ćԅ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\07e032e020b72c3f192f0628a2593a19a70f069e::blob \ࠀ縟୵歖訒룀埖⩭ꕰ뜠㼬⼙⠆妢᤺ྦྷ鸆泥閯洬ꫲឤ꜆䑺ς瘈쯍'췅믭벐蓢䘷b 塜赆䦎瑾船뗒က톶㝥콊ꞃꏔ뜭쑨蹀 4Certum Trusted Network CA T RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\b94294bf91ea8fb64be61097c7fb001359b676cb::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\b94294bf91ea8fb64be61097c7fb001359b676cb::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\b94294bf91ea8fb64be61097c7fb001359b676cb::blob RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe พ舃ǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ꦥ则ꍖǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe Ი톊ꨉǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ꔟ뚛ǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeletePortSection
Show More
  • ntdll.dll!NtAlpcDeleteSectionView
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeDirectoryFile
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject

117 additional items are not displayed above.

Other Suspicious
  • SetWindowsHookEx
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext

Shell Command Execution

open C:\Users\Sqlrpabk\AppData\Local\Temp\\ins1990\ins1990.exe ins.exe /e6588846 /u5177da23-5020-4d41-bc47-70525bc06f2f
C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
open C:\Users\Bcmetdjt\AppData\Local\Temp\\n218\s218.exe ins.exe /e 12955644 /u 52fe2c91-49dc-40b7-b209-1f140a000013 /h 8bd8fb.api.socdn.com /v "c:\users\user\downloads\9d0daa01506d05d9af23a69af82d63dab1856cc0_0000419104.exe"
C:\Users\Xswqluol\AppData\Local\Temp\\n7996\s7996.exe ins.exe /h 8bd8fb.api.socdn.com /e 13110420 /u 52fe2c91-49dc-40b7-b209-1f140a000013 /v "c:\users\user\downloads\b1afe00366a4ee082fc4069d9b9fe9592952e3c2_0000550472.exe"
open C:\Users\Hsvcvwwy\AppData\Local\Temp\\n6418\s6418.exe ins.exe /h 05e0fa.api.socdn.com /u 5280fdf5-b928-4cc4-9510-17bb0a000013 /e 12757087 /v "c:\users\user\downloads\ac3b7e0ca846059876fc862cd03792f45de417cf_0000413048.exe"
Show More
open C:\Users\Kmtmfjkw\AppData\Local\Temp\\ins895\ins895.exe ins.exe /e4895713 /u4e6dc5a8-8b04-4b39-a43b-6b925bc06f2f
C:\Users\Xextudfq\AppData\Local\Temp\\n4996\s4996.exe ins.exe /u 52fe2c91-49dc-40b7-b209-1f140a000013 /e 13278182 /h 8bd8fb.api.socdn.com /v "c:\users\user\downloads\9d035c31a6e9c38648f98f650e1c14ee2fd5b48e_0000550592.exe"
C:\Users\Zgmtfgfv\AppData\Local\Temp\nsj8D17.tmp\dlmgn.exe "c:\users\user\downloads\e52a7c153f6fff4d0bd4f891b299cc8300bc1dfe_0000218680.exe"
open C:\Users\Fkgbkytm\AppData\Local\Temp\\n4261\ins4265.exe ins.exe /e10232334 /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
open C:\Users\Pnrhlamz\AppData\Local\Temp\\n367\s367.exe ins.exe /h 4b043.api.socdn.com /e 12902139 /u 50d1d9d5-cf90-407c-820a-35e05bc06f2f /v "c:\users\user\downloads\427c4df1f5aba61925d662b48ce4486415c45891_0000513440"
open C:\Users\Owyqecrd\AppData\Local\Temp\\n3388\s3388.exe ins.exe /u 52fe2c91-49dc-40b7-b209-1f140a000013 /e 12363826 /h 48bd8.api.socdn.com /v "c:\users\user\downloads\7616b112355103f6c1ba22c8b9d9ad78d9005f66_0000513440"
s7490.exe /e 13906423 /u 5280fdf5-b928-4cc4-9510-17bb0a000013 /h 5e0f.api.socdn.com /v "c:\users\user\downloads\80077b58aeee1cfab7bed147721f917c8cd599c1_0000568024"
C:\Users\Iueyzsei\AppData\Local\Temp\nsp576A.tmp\installer.exe e876d9d0-e3fb-11e2-b66b-00259033c1da.exe /t1022fff70e61aa214ee778a169dcc0 /dT132281332S1022fff70e61aa214ee778a169dcc0 /e9464140 /ue876d9d0-e3fb-11e2-b66b-00259033c1da
C:\Users\Jkquqjyg\AppData\Local\Temp\nsx7330.tmp\dnmn.exe /u4dc91109-8910-4f47-b8b6-203e5bc06f26 /e55761
s5338.exe /e 13553192 /h 5e0f.api.socdn.com /u 5280fdf5-b928-4cc4-9510-17bb0a000013 /v "c:\users\user\downloads\2bc7b56750bc7736ab36fd0d1a7c9a70510a465c_0000580304"
open C:\Users\Zhatkhio\AppData\Local\Temp\\ins5639\ins5639.exe ins.exe /e11775316 /u5193805b-c284-4f85-b972-26465bc06f2f
C:\Users\Auzkporp\AppData\Local\Temp\nsgDC47.tmp\installer.exe 512e4fc0-18d4-4361-bb1e-3ca05bc06f2f.exe /u512e4fc0-18d4-4361-bb1e-3ca05bc06f2f /e7021522 /dT131701413S /t
open C:\Users\Telziiss\AppData\Local\Temp\\n3020\ins3020.exe ins.exe /e5364955 /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
C:\Users\Xsixbndi\AppData\Local\Temp\\n1311\s1311.exe ins.exe /u 52fe2c91-49dc-40b7-b209-1f140a000013 /e 12904962 /h 8bd8fb.api.socdn.com /v "c:\users\user\downloads\0982a19be13f234f5e8d6ee512d1521aa7215313_0000585920"
C:\Users\Hrnujyha\AppData\Local\Temp\nsl3F2A.tmp\nrth.exe /dT201304191608 /e2268018 /aPhotoRec /u4dc9054e-38b0-4614-bdd5-20605bc06f26
C:\Users\Nyfxvzno\AppData\Local\Temp\nss4515.tmp\domanager.exe /u4d79ee5a-3ef0-4e31-86b7-468d5bc06ebe /e14234 /dT201210231027
C:\Users\Hienffmp\AppData\Local\Temp\nsh5EC.tmp\inst.exe 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe /dT131632108S /e5458639 /t /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
C:\Users\Oopiiuco\AppData\Local\Temp\nsb6382.tmp\installer.exe 0a2a1890-e4c3-11e2-b66b-00259033c1da.exe /t102431e84bb8f03627ca2b27526c23 /dT131891749S102431e84bb8f03627ca2b27526c23 /e9719152 /u0a2a1890-e4c3-11e2-b66b-00259033c1da
s1872.exe 2ae38e0d3074c6553c8d769cGB+oRbAS5cKedBRu+s9Ad/mc2JIdsSag645IlAFNg4ltjab1bZTsBSgyxo86BRuR4y0WwEunz1/xiwTAcjaE5g2v77f0qJdnhE9gGERqbdrj1YjcsxquMdsT1mZ30M7Zxn/TlV8Ha9BuHwk0HBstzbj5 /v "c:\users\user\downloads\20519d7db918a38a6822290b96e9a416a5c40747_0000537824"
C:\Users\Kdothuiu\AppData\Local\Temp\nsmA786.tmp\dlmgn.exe "c:\users\user\downloads\a6df8791590350c8968c49e02400f2a5cf612e79_0000218680"
C:\Users\Lzsxzkgx\AppData\Local\Temp\nshA768.tmp\northstar.exe /dT201303151737 /e5755349 /u512e4fc0-18d4-4361-bb1e-3ca05bc06f2f
C:\Users\Edospney\AppData\Local\Temp\nscA797.tmp\installer.exe c44c0242-e47d-11e2-b66b-00259033c1da.exe /t102f10c3cfb0de4d7215b336beb45f /dT131911503S102f10c3cfb0de4d7215b336beb45f /e9504441 /uc44c0242-e47d-11e2-b66b-00259033c1da
C:\Users\Bbtrllai\AppData\Local\Temp\nsvBCEE.tmp\downloadmr.exe /u4db81fcb-20f4-42d4-8d8b-4c1f5bc06ebe /e2349171
C:\Users\Yignmcoe\AppData\Local\Temp\nsz1370.tmp\northstar.exe /u50d1d9d5-cf90-407c-820a-35e05bc06f2f /e5569970 /dT201302051159
C:\Users\Kzfvczxy\AppData\Local\Temp\nstFCFC.tmp\northstar.exe /u4fbfca05-374c-42b7-8d55-26865bc06f2f /e3243495 /dT201301251837
C:\Users\Xjrripgf\AppData\Local\Temp\nszB9B2.tmp\installer.exe c44c0242-e47d-11e2-b66b-00259033c1da.exe /t102852b89e7c1ee9c668247bc13ee4 /dT132132235S102852b89e7c1ee9c668247bc13ee4 /e9504441 /uc44c0242-e47d-11e2-b66b-00259033c1da
C:\Users\Etspbitn\AppData\Local\Temp\nshA804.tmp\installer.exe 99fac896-d750-11e2-a752-00259033c1da.exe /u99fac896-d750-11e2-a752-00259033c1da /e9010803 /dT131770146S10234787a2dbf7bbef4d44fca1daaf /t10234787a2dbf7bbef4d44fca1daaf
C:\Users\Gysdlike\AppData\Local\Temp\nsiA8A1.tmp\dnwm.exe /u4dc90cd0-7328-42b2-8f65-20295bc06f26 /e2271477
C:\Users\Nvkkygzs\AppData\Local\Temp\nsoB925.tmp\installer.exe 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe /t /dT132190408S /e5365755 /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
C:\Users\Iqagabwu\AppData\Local\Temp\nsyB82B.tmp\installer.exe 51c2b237-a020-4ef6-8d82-789b5bc06f2f.exe /t /dT132081122S /e9049938 /u51c2b237-a020-4ef6-8d82-789b5bc06f2f
C:\Users\Gdfkbgtj\AppData\Local\Temp\\n6141\s6141.exe ins.exe /h b34083.api.socdn.com /e 12771681 /u 4fe0cf9f-1fe4-4abb-905a-57915bc06f2f /v "c:\users\user\downloads\4b4cec92a03f9851342baa25b0743f73fbe479fd_0000577728"
open C:\Users\Xjvmhsui\AppData\Local\Temp\\n5159\ins5159.exe ins.exe /e12298553 /u4fd99101-fa18-4898-bfd9-098a5bc06f2f

Trending

Most Viewed

Loading...