Multi-License Discount Quote

Change Region

English
Threat Database Adware Adware.VKDJ

Adware.VKDJ

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 2,008
Threat Level: 20 % (Normal)
Infected Computers: 41,840
First Seen: January 16, 2013
Last Seen: April 18, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove Adware.VKDJ

Registry Details

Adware.VKDJ may create the following registry entry or registry entries:
File name without path
VКDJ.lnk
HKEY..\..\..\..{RegistryKeys}
Software\conifgDJ
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
unisntallDJ
{AD4B77CC-62D4-4FDE-85B2-579927F7647B}_is1

Directories

Adware.VKDJ may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\VКDJ
%ALLUSERSPROFILE%\VkontaekatDJ
%ALLUSERSPROFILE%\VКDJ
%ALLUSERSPROFILE%\VК_DJ
%ALLUSERSPROFILE%\vkontaktedj
%APPDATA%\vkontaktedj

Analysis Report

General information

Family Name: Adware.VKDJ
Signature status: No Signature

Known Samples

MD5: 2e843da1e80ea8e959aa5e466663a64d
SHA1: 74cd1633e38e07ad9c8fcc33b9ab9126d1c271c5
File Size: 1.30 MB, 1302528 bytes
MD5: 4f5c8f020ae42845deecfe87cbe3f4b5
SHA1: df96e250950489f2e18d579c35b998dee6995dca
File Size: 3.27 MB, 3274657 bytes
MD5: cd575944ebc0e7038fd903b6cc50fef2
SHA1: b256dce2928e213e63319313411b1b638ed671cc
File Size: 2.12 MB, 2123552 bytes
MD5: fb5b25eca8214cfa7dcc1d2fff2f6fdd
SHA1: de90ad061d817927793b8001e2732f72f1975312
File Size: 1.30 MB, 1298432 bytes
MD5: aa7f4a1401da3a02a97c3f17293c8fd7
SHA1: ca73e25c94be8e2658189257e81c3b0c7c387f92
File Size: 3.27 MB, 3274657 bytes
Show More
MD5: 698e2d403cf8dfa6b9bb01aa445f008b
SHA1: ee6b26b8d89440925929fc9bce7ce261328a9f6b
SHA256: 901C7000BE39B5EAA43F4D8E8349DD8071EE8630BAED88360C1DDD213D6AEAA9
File Size: 3.27 MB, 3274657 bytes
MD5: 776e81eeb1786b4825703b4e4e33133b
SHA1: fa12ed78393e5202259b0e6ae51f459b0169a488
SHA256: 318622464E2DCB24760716D04FA4C84847C8D3994384500C151A582954124630
File Size: 1.84 MB, 1838016 bytes
MD5: b5b55726cfa143f12c5627cf4287bfc2
SHA1: 91e7192319e1da6d00bf3012a902123a5d9d217e
SHA256: E234A771426E41BC2C0081BED2862FE4F3D810E2F55645AA64D09884E732D168
File Size: 1.94 MB, 1935704 bytes
MD5: a4bf51bc5286f2a61de3615d64d9e38f
SHA1: c8866442a4eadd6add879ce5c23d35d428131ec6
SHA256: 7F9DC7CAEB0EC82AD5B21988436BCEFC9D141896938F016C74E4817F85ED67C4
File Size: 1.30 MB, 1296896 bytes
MD5: 4395e5dc48e1531560794d25a62a0453
SHA1: 92859109780b65a3dbad8ee171a7fe50dc6a8e4f
SHA256: 03CBA3A2E4DE2AF3BB685DD16C7E98B4BA4F90A1A52DFA1507750032A6950FB1
File Size: 2.00 MB, 2002832 bytes
MD5: b02275a427bbf28f547495d1f84bb012
SHA1: ba453ea21edcecfd034939931444bb83451a05df
SHA256: 936E0A5CF5CD20464EFDA389C6F57E201241C60E270AD217629125008DF0321D
File Size: 1.30 MB, 1303040 bytes
MD5: 1cad414304e201d366e83602e477b38c
SHA1: 400fdae05526249ec792901a9992295474674619
SHA256: A298ED17C9590A8CD5177382330FBB393B44E4ACB22D5B4FBBD416FF9CA8C192
File Size: 9.59 MB, 9588288 bytes
MD5: 977fb36295a7d66c3c02a273c9da5377
SHA1: ad4a63134a6a3295f542ce8a902cc7d18ec02d2c
SHA256: 81F45584C73489BEBDDF15126726D0BBCDFB8D978444814E0EB21005D350BB18
File Size: 3.27 MB, 3274657 bytes
MD5: 17ab57f6af6c1daeb69859dad25c4e91
SHA1: d9dba937d8a89a9760a7cfcfb67040be37091a0f
SHA256: 21629A4801850DEBA5C54A1786741815BE6D84EE88229490906F616EA725874B
File Size: 1.84 MB, 1838072 bytes
MD5: 7f74d94927304858955e2c2c891760dd
SHA1: eba22a62eceff69c1075d38b4aba71d4f341d60e
SHA256: 59587C79C9151A465B76674E1F03ADB15E3ED226BC9C036849BF6DB9029E3C18
File Size: 3.27 MB, 3274657 bytes
MD5: fb567e94279463bdb7381b9d226b97b1
SHA1: fdc2ffd2ea62aec47fe6a508b2392ffdedf61272
SHA256: F972F553FBDEB8F706BDA58516C68DAC4CD7101DB49660D75A199221A0643732
File Size: 2.00 MB, 2003000 bytes
MD5: 44fa4ee7cbdd86bff77a27c17c9d7520
SHA1: 4c255500dc7977341f04518084686a085f778808
SHA256: 0076F73A2F101366A4D3EE806A3D88412BAAF549E23DB818393A7E6C20729E09
File Size: 3.27 MB, 3274657 bytes
MD5: 338c4c66a9df4f2b0e32b664655b940d
SHA1: 9f3016b2ce0e414988010e5153ba3fc4bc15a263
SHA256: 7841A0AC614D2E7CE8FB23C00E425869B506C89301261C7162BAEE0A792BC2D1
File Size: 3.27 MB, 3274657 bytes
MD5: 8ea8835f4e10ad04db545f1f59b205c0
SHA1: d9f87415ce4c60b487a9281d93d6807112f8c8c4
SHA256: 5350B2846A2BD9680767553887347C4097EB2A3926C49B75FF364D37AA8FCA41
File Size: 9.57 MB, 9569792 bytes
MD5: c3ca87b031999297577a81357f39fb75
SHA1: abc725b2b325fcf93e1e762108acde1ceade69b0
SHA256: C9BBD66E375D2F675B0AFEA2DBB6A399CE936BDB2F131535BBA516C90FA16D3A
File Size: 3.56 MB, 3555840 bytes
MD5: a40462db1a6373644d74ce2c170be26e
SHA1: 1bcf8e4f0ae02672af48c7f689b53e123fa9b019
SHA256: A4B1B7094276210EAB50EC8055B6405FD3CC804CFEB71587FD2B5BCBC24CB4C3
File Size: 1.30 MB, 1303040 bytes
MD5: 8810b08b9a3ce35f5e7e22a1f78c7acf
SHA1: b0a21b3e3cbd155d90d0f0a45dff1d7ad96293ab
SHA256: 86AC8CA8B7ABE7356BE262EF225AB96111E703CEB155F3D25EAEE38C5B12812D
File Size: 3.27 MB, 3274657 bytes
MD5: d6886d0ae06bf0b59dd975b5363c2d08
SHA1: b27add8d8745ee6ebae0ec8e8d316b978e157cee
SHA256: 76ED41954E310F5B3893BC7D78E3E1C2F663B0B6D73960259057891637C789E5
File Size: 1.85 MB, 1853850 bytes
MD5: 750a2649a04e02fd5ab32b6c2bbbbd02
SHA1: 780d4d7b9117537b646943c96a4c4d7b6eac9a98
SHA256: FEB7ADB7B55BFF75A737A1DD15CBBC0574AFA68F172B584D9F76A0CE7E92E51D
File Size: 1.31 MB, 1306112 bytes
MD5: e3831b3b6259f20e6a07cef129f9f93f
SHA1: 5f8eea030b94aab22952841fb676637edbb72c74
SHA256: D06571D064A17601FD7B76395A3CF900C72F08B368B502504FD0AF973CC11DC9
File Size: 1.30 MB, 1303040 bytes
MD5: e7d9b5d44fb5168b38c168ab752bf9e2
SHA1: 67d0632607e665ac6d067f358fb636c21d3af54d
SHA256: 39F4D8FA644766D2357289A45C13AB6464DF864ABEBC5F3FA77F1BEEB8F42AB9
File Size: 1.31 MB, 1312768 bytes
MD5: 26034b2e4e83c4476dce0e45fa22fa25
SHA1: 17723cceb02c79f02d2f1ca905d8f08617fcb3fa
SHA256: 19DF183D3E939DAD9FA2023AA4255C3711637DBF32C8A4924F93FA1C0210B644
File Size: 3.56 MB, 3559424 bytes
MD5: c11d634353d606c998171300a46ed1f9
SHA1: 084fe342bf0f3fb93bfb495aa580979e65197418
SHA256: E3B90E66A9D177ACE9DFE0AC164C613196241C557FD40C38C6F82D301E19AA99
File Size: 1.32 MB, 1323008 bytes
MD5: bb58942b7040d2a7b337b9184c9964b5
SHA1: 49a10a748c757769ab6bfe126bcf583416c4c0bc
SHA256: 296CFE9F32CFB0244E1077B42F25D9AA68A25C6D0A28CBA833360A429B8F73CE
File Size: 3.27 MB, 3274657 bytes
MD5: ebce1e65ed1237966a47fb2f73df25a0
SHA1: 1d308e540790d50d7e63c9680a8182a597e463e5
SHA256: 24552B7FC575C8092CFEF465B8EBF1DA4932AE028C68B39E5C0A16DC48BB54A5
File Size: 8.80 MB, 8797696 bytes
MD5: b1ce94b4a887b1fee7153ecb25296d1a
SHA1: 80ecbf79e37f4bf309b311f473eff388461be930
SHA256: 8D69D029BF6268C5A5E8FE2A5E632514286810169C0C297977ACB361D465C280
File Size: 2.00 MB, 1997088 bytes
MD5: 5560810ccfd7d63bdd07d110b8342abe
SHA1: c13ddf217db7c924ec051477f7137312cc3ad81f
SHA256: A529D14CD65BA72974BA5CCB31CBC6FB4FED8428DBB1AEE571EBDC4982F4109D
File Size: 3.27 MB, 3274657 bytes
MD5: 2bdf654e5a64de44bd4f8ec52c53451b
SHA1: 372eb8279a94944238ca3d76355da862b2ef16bd
SHA256: 8522927F691ECF4DAC65346FA17D7C5FA0B9EC634B34185FDF0DB7D5E8889F9A
File Size: 3.27 MB, 3274657 bytes
MD5: 7cdda231eb690c67d535b9eee6f03037
SHA1: 5aff083f2151bed5d799b4dab199c9c57da63436
SHA256: F43A2FE0A5D46E982C52E84101CEFEC071EA0FF535E1BADD3A7B89CAE1C05F0C
File Size: 1.90 MB, 1900000 bytes
MD5: f1bb5fc305a3fe13e116a94bd56fff57
SHA1: 27a1ac8a6d95b4210cfc7118f9c8c49fcfa934f7
SHA256: 82B69365B5E5EF460A025D194E737334CEEE00D55171E3E25CBD77468CFE4754
File Size: 6.59 MB, 6588088 bytes
MD5: cf3095d632406c38373d9eb62defd1cd
SHA1: 9f1de65850c25bc97ede5f41c2a3cb000587e924
SHA256: 13CDA756051DA86D9A6EB734289A1BFA4C19BD613E4E65B65111151448F83595
File Size: 2.00 MB, 2002848 bytes
MD5: c7458d90113e22bb60af5da31404572e
SHA1: ad1b9afb9bb40030927e452b276835c979f22091
SHA256: B919E5CE35073A4EDA69D2E67C59437A4D87F6B4E23B4971906CD57B9380F92E
File Size: 7.15 MB, 7146496 bytes
MD5: 6bcc8aa4e0255fbfab0f7f81b5b6a9ce
SHA1: 3f942f15c266e6a1bcdb4b3b25bd964973d2df35
SHA256: 544F8A38493C13859702C88BEA4266288EA128B02F0F803AB21184CB151F4BDC
File Size: 1.30 MB, 1303040 bytes
MD5: bfbe002f946d3c7c7f39da40451bf3c3
SHA1: 2e3834ee37a64dc556cdbcad2ee63f60e0f73b9d
SHA256: 4DB291722C2A46B14F66320DD10B7071E0B8BB53D69017AC7DB058B3AFBF3329
File Size: 6.04 MB, 6040064 bytes
MD5: 66a3e15ba53865ef529892fcb64c8f2f
SHA1: f63c4f79207a529923576034313b0c47b303e9c0
SHA256: 4E66F005A705A1C406BB28DBFF2A57E737B82F5B5A289C3DB1C7F4B50536F05C
File Size: 1.32 MB, 1324032 bytes
MD5: dc2abe07c8e8064fa34ed2df35596565
SHA1: 43329a92b8f69b97500704c06edb45331965540b
SHA256: 461AE5EEA14AD7B0273142CC073BAA91DB2D9C968C827516A5D7CB5069CAEC59
File Size: 9.59 MB, 9588288 bytes
MD5: 8ff277ef438d2a5c350df0f1c76656b8
SHA1: 5bf4d7a9418a2e8eb08196dbda02e6eca684963c
SHA256: 5A4956F5AB62940339A415F5B07F56958312F7A4900DB9455CEA9FAE34B654AE
File Size: 1.94 MB, 1935720 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • 19.02.2009
  • This installation was built with Inno Setup.
Company Name
  • AudioVK.com
  • AudioVK.Com
  • D-J_VK
  • hungry-auditor
  • plumbing-preston
  • pointing-protein
  • policy-pose
  • premiere-processors
  • preparation-prohibited
  • present-platinum
Show More
  • prior-powerpoint
  • prisoner-prot
  • processors-postcard
  • produces-please
  • proposals-production
  • prot-portfolio
  • protected-preview
  • protection-playing
  • Vkontakte.DJ
File Description
  • carriage-august Setup
  • politicians-postings Setup
  • ports-potatoes Setup
  • producers-pour Setup
  • Setup/Uninstall
  • Setup VK DJ
  • VKDJ, Setup
  • VkontakteDJ Setup
  • VKSaver - downloader media from vk.com
  • VKSaver installation bundle
Show More
  • VКDJ Setup
File Version
  • 51.1052.0.0
  • 4.9.260212.2263
  • 4.9.251211.2151
  • 4.9.251027.2042
  • 4.9.251017.2026
  • 4.9.251002.1994
  • 4.9.250807.1950
  • 4.9.250611.1913
  • 4.9.250606.1906
  • 4.9.250606.1902
Show More
  • 4.9.250528.1900
  • 4.9.250425.1821
  • 4.9.250319.1742
  • 4.9.250303.1715
  • 1.5.0.22
  • 1.5.0.17
  • 1.4.60.0
  • 1.2.03.3
  • 1.2.01.5465
  • 1.0.0.1
  • 1.0.0.0
Internal Name
  • VKSaver-Install.exe
  • VKSaver.exe
Legal Copyright
  • Copyright (C) 2008. All rights reserved.
  • Copyright (C) 2009-2025 AudioVK.com
  • Copyright (C) 2009-2025 AudioVK.Com
Original Filename
  • VKontakte-DJ.exe
  • VKSaver-Install.exe
  • VKSaver.exe
Product Name
  • carriage-august
  • places-princess
  • politicians-postings
  • poly-printer
  • ports-potatoes
  • positive-projected
  • poultry-preview
  • prerequisite-positions
  • presenting-prescribed
  • prior-popular
Show More
  • proceeds-plans
  • producers-pour
  • productivity-polar
  • programmes-predictions
  • proudly-plains
  • VKontakte DJ
  • VkontakteDJ
  • VKSaver
  • VКDJ
Product Version
  • 4.9.260212.2263
  • 4.9.251211.2151
  • 4.9.251027.2042
  • 4.9.251017.2026
  • 4.9.251002.1994
  • 4.9.250807.1950
  • 4.9.250611.1913
  • 4.9.250606.1906
  • 4.9.250606.1902
  • 4.9.250528.1900
Show More
  • 4.9.250425.1821
  • 4.9.250319.1742
  • 4.9.250303.1715
  • 3.002
  • 3
  • 1.4
  • 1.070622
  • 1.00075152
  • 1.0004297685
  • 1.0004275371
  • 1.0.0.0

Digital Signatures

Signer Root Status
RECORD LLC AddTrust External CA Root Root Not Trusted
MONITOR, inc COMODO RSA Code Signing CA Self Signed
Monitor OOO GlobalSign Code Signing Root R45 Root Not Trusted
OOO Monitor GlobalSign Code Signing Root R45 Root Not Trusted
Monitor, inc Sectigo RSA Code Signing CA Self Signed

File Traits

  • 2+ executable sections
  • fptable
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • No Version Info
  • VirtualQueryEx
  • x86

Block Information

Similar Families

  • Agent.FDD
  • Emotet.CDD
  • Injector.AK
  • Kryptik.LFT
  • Lumma.GFD
Show More
  • Rugmi.IA
  • Sheloader.A
  • Sheloader.C
  • Stealer.KF
  • VKDJ.A

Files Modified

File Attributes
c:\programdata\ciwvfxxlpl.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\ciwvfxxlpl.js Generic Write,Read Attributes
c:\programdata\iqqikibdxv.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\iqqikibdxv.js Generic Write,Read Attributes
c:\programdata\sgqgsbmmbm.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\sgqgsbmmbm.js Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-0k8qh.tmp\91e7192319e1da6d00bf3012a902123a5d9d217e_0001935704.tmp Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\is-10u0f.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1m12i.tmp\80ecbf79e37f4bf309b311f473eff388461be930_0001997088.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-44r95.tmp\b256dce2928e213e63319313411b1b638ed671cc_0002123552.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4q7kn.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-67v9u.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-67v9u.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-67v9u.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7g59i.tmp\9f1de65850c25bc97ede5f41c2a3cb000587e924_0002002848.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-avle8.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-avle8.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-avle8.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-bk8gg.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-fal4o.tmp\92859109780b65a3dbad8ee171a7fe50dc6a8e4f_0002002832.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fh0q9.tmp\5bf4d7a9418a2e8eb08196dbda02e6eca684963c_0001935720.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gphpf.tmp\fdc2ffd2ea62aec47fe6a508b2392ffdedf61272_0002003000.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-i7ipa.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-i7ipa.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-kk9p3.tmp\5aff083f2151bed5d799b4dab199c9c57da63436_0001900000.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mtber.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-mtber.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mtber.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-n7137.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-n7137.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-n7137.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pcv3u.tmp\fa12ed78393e5202259b0e6ae51f459b0169a488_0001838016.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-r290r.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-r290r.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-r290r.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ss42k.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vadsn.tmp\d9dba937d8a89a9760a7cfcfb67040be37091a0f_0001838072.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi5a32.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi5a32.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi5a61.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi5a61.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi5a82.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi5a82.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi5aa2.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi5aa2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgi5ab3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgi5ab3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp Generic Write,Read Attributes,Delete

Registry Modifications

Key::Value Data API Name
HKCU\vksaver:: url:VKSaver RegNtPreCreateKey
HKCU\vksaver::url protocol RegNtPreCreateKey
HKCU\vksaver\defaulticon:: "C:\ProgramData\VKSaver\VKSaver.exe",0 RegNtPreCreateKey
HKCU\vksaver\shell\open\command:: "C:\ProgramData\VKSaver\VKSaver.exe" "%1" RegNtPreCreateKey
HKCU\software\vksaver\capabilities::applicationdescription VKSaver RegNtPreCreateKey
HKCU\software\vksaver\capabilities::applicationicon C:\ProgramData\VKSaver\VKSaver.exe,0 RegNtPreCreateKey
HKCU\software\vksaver\capabilities::applicationname VKSaver RegNtPreCreateKey
HKCU\software\vksaver\capabilities\urlassociations::vksaver VKSaver RegNtPreCreateKey
HKCU\software\registeredapplications::vksaver Software\VKSaver\Capabilities RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䵶꟫⚔ǜ RegNtPreCreateKey
HKCU\software\vkdj::exit 1 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鏕⚴ǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 㮩⯟㊊ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKCU\software\policies\google\chrome\localnetworkaccessallowedforurls::1 [*.]audiovk.com RegNtPreCreateKey
HKCU\software\policies\microsoft\edge\localnetworkaccessallowedforurls::1 [*.]audiovk.com RegNtPreCreateKey
HKCU\software\policies\yandexbrowser\localnetworkaccessallowedforurls::1 [*.]audiovk.com RegNtPreCreateKey
HKCU\software\policies\operasoftware\opera\localnetworkaccessallowedforurls::1 [*.]audiovk.com RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU:: 0 RegNtPreCreateKey
HKCU::clids 11285,502,11285,2350450,2350451,2350452,2350453,2350454,2350455,2350456,2350457,2350458,2350459,2350460,2350461,2350462,2350463, RegNtPreCreateKey
HKCU:: RegNtPreCreateKey
HKCU::clids 42309,1,42309,2482669,2482670,2482671,2482672,2482673,2482674,2482675,2482676,2482677,2482678,2482679,2482680,2482681,2482683,24 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ᇠꜥ뮣ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 㦊Ꜭ뮣ǜ RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • WinExec
  • WriteConsole
Keyboard Access
  • GetKeyState
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData

101 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
Process Terminate
  • TerminateProcess
Network Winhttp
  • WinHttpOpen
Network Winsock
  • freeaddrinfo
  • getaddrinfo
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Slhcllcx\AppData\Local\Temp\is-44R95.tmp\b256dce2928e213e63319313411b1b638ed671cc_0002123552.tmp" /SL5="$80046,1393444,858112,c:\users\user\downloads\b256dce2928e213e63319313411b1b638ed671cc_0002123552.exe"
"C:\Users\Yxkowsvm\AppData\Local\Temp\is-PCV3U.tmp\fa12ed78393e5202259b0e6ae51f459b0169a488_0001838016.tmp" /SL5="$300A6,1109206,780288,c:\users\user\downloads\fa12ed78393e5202259b0e6ae51f459b0169a488_0001838016"
"taskkill" /F /im VКDJ.exe
WriteConsole: ERROR: CoInitial
"C:\Users\Pqbcavex\AppData\Local\Temp\is-0K8QH.tmp\91e7192319e1da6d00bf3012a902123a5d9d217e_0001935704.tmp" /SL5="$60128,1074986,831488,c:\users\user\downloads\91e7192319e1da6d00bf3012a902123a5d9d217e_0001935704"
Show More
"C:\Users\Zxnljkkt\AppData\Local\Temp\is-FAL4O.tmp\92859109780b65a3dbad8ee171a7fe50dc6a8e4f_0002002832.tmp" /SL5="$20218,1272135,858112,c:\users\user\downloads\92859109780b65a3dbad8ee171a7fe50dc6a8e4f_0002002832"
cmd /c echo hi
WriteConsole: hi
open wscript C:\\ProgramData\\iqqikibdxv.js
"C:\Users\Dwijxarn\AppData\Local\Temp\is-VADSN.tmp\d9dba937d8a89a9760a7cfcfb67040be37091a0f_0001838072.tmp" /SL5="$10278,1109206,780288,c:\users\user\downloads\d9dba937d8a89a9760a7cfcfb67040be37091a0f_0001838072"
"C:\Users\Nqomdeka\AppData\Local\Temp\is-GPHPF.tmp\fdc2ffd2ea62aec47fe6a508b2392ffdedf61272_0002003000.tmp" /SL5="$8004A,1272135,858112,c:\users\user\downloads\fdc2ffd2ea62aec47fe6a508b2392ffdedf61272_0002003000"
open wscript C:\\ProgramData\\ciwvfxxlpl.js
"C:\Users\Uvplttai\AppData\Local\Temp\is-1M12I.tmp\80ecbf79e37f4bf309b311f473eff388461be930_0001997088.tmp" /SL5="$7031C,1106218,862720,c:\users\user\downloads\80ecbf79e37f4bf309b311f473eff388461be930_0001997088"
"" bin.exe
"C:\Users\Relichzb\AppData\Local\Temp\is-KK9P3.tmp\5aff083f2151bed5d799b4dab199c9c57da63436_0001900000.tmp" /SL5="$D02CA,1044266,800768,c:\users\user\downloads\5aff083f2151bed5d799b4dab199c9c57da63436_0001900000"
"C:\Users\Eiequnja\AppData\Local\Temp\is-7G59I.tmp\9f1de65850c25bc97ede5f41c2a3cb000587e924_0002002848.tmp" /SL5="$502E4,1272135,858112,c:\users\user\downloads\9f1de65850c25bc97ede5f41c2a3cb000587e924_0002002848"
open wscript C:\\ProgramData\\sgqgsbmmbm.js
"C:\Users\Blnkoflv\AppData\Local\Temp\is-FH0Q9.tmp\5bf4d7a9418a2e8eb08196dbda02e6eca684963c_0001935720.tmp" /SL5="$100394,1074986,831488,c:\users\user\downloads\5bf4d7a9418a2e8eb08196dbda02e6eca684963c_0001935720"

Trending

Most Viewed

Loading...