Backdoor.Agent.KD

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 12,354
Threat Level: 60 % (Medium)
Infected Computers: 250
First Seen: June 28, 2021
Last Seen: February 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.Agent.KD
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Oleg N. Scherbakov
  • Sergei Strelec
File Description
  • 7z Setup SFX (x86)
  • ProgramPE
File Version 1.4.1.2100
Internal Name 7ZSfxMod
Legal Copyright Copyright © 2005-2010 Oleg N. Scherbakov
Original Filename 7ZSfxMod_x86.exe
Private Build April 28, 2011
Product Name 7-Zip SFX
Product Version 1.4.1.2100

File Traits

  • 7-zip (In Overlay)
  • 7-zip Installer
  • 7zSFX
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • x86

Files Modified

File Attributes
\\wpvlgwxorr\pipe\svcctl Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\cpuz\cpuz_x32_ru.exe Generic Write,Read Attributes
c:\program files (x86)\cpuz\cpuz_x32_ru.exe Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\32.cmd Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\32.cmd Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\64.cmd Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\64.cmd Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd32.exe Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd32.exe Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd32l.exe Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd32l.exe Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd64.exe Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd64.exe Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd64l.exe Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspd64l.exe Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspda64.exe Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\diskspd\diskspda64.exe Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\arabic.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\arabic.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\armenian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\armenian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\azeri.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\azeri.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\belarussian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\belarussian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\bulgarian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\bulgarian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\catalan.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\catalan.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\croatian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\croatian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\czech.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\czech.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\danish.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\danish.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\dutch.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\dutch.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\english.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\english.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\estonia.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\estonia.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\finnish.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\finnish.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\french.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\french.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\galician.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\galician.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\georgian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\georgian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\german.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\german.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\greek.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\greek.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\hebrew.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\hebrew.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\hindi.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\hindi.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\hungarian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\hungarian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\indonesian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\indonesian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\italian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\italian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\japanese.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\japanese.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\kannada.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\kannada.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\korean.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\korean.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\latvian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\latvian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\lithuanian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\lithuanian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\macedonian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\macedonian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\nepali.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\nepali.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\norwegian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\norwegian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\persian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\persian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\polish.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\polish.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\portuguese.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\portuguese.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\portuguesept.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\portuguesept.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\romanian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\romanian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\russian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\russian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\serbian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\serbian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\simplifiedchinese.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\simplifiedchinese.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\slovak.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\slovak.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\slovenian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\slovenian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\spanish.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\spanish.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\swedish.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\swedish.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\telugu.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\telugu.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\thai.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\thai.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\traditionalchinese.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\traditionalchinese.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\turkish.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\turkish.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\ukrainian.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\ukrainian.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\vietnamese.lang Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\language\vietnamese.lang Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\background-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\background-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-100.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-100.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-125.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-125.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-150.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-150.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-200.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-200.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-250.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-250.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\button-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-100.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-100.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-125.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-125.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-150.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-150.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-200.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-200.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-250.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-250.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\comment-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-100.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-100.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-125.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-125.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-150.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-150.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-200.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-200.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-250.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-250.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\commentl-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-100.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-100.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-125.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-125.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-150.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-150.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-200.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-200.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-250.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-250.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\meter-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\theme.ini Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\dark\theme.ini Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\background-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\background-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-100.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-100.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-125.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-125.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-150.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-150.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-200.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-200.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-250.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-250.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\button-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-100.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-100.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-125.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-125.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-150.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-150.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-200.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-200.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-250.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-250.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-300.png Generic Write,Read Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\meter-300.png Synchronize,Write Attributes
c:\program files (x86)\crystaldiskmark\cdmresource\themes\darkred\theme.ini Generic Write,Read Attributes

312 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 [binary data] RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimerResolution
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
Other Suspicious
  • SetWindowsHookEx
Process Terminate
  • TerminateProcess
Service Control
  • OpenSCManager

Shell Command Execution

(NULL) Archivi\IuvncOnly.exe
(NULL) 64.cmd
C:\Program Files (x86)\CrystalDiskMark\diskmark64.exe DiskMark64.exe
WriteConsole: The system canno
(NULL) cpuz_x32_ru.exe