Downloader.Duuqu

By CagedTech in Adware

Threat Scorecard

Ranking:	6,397
Threat Level:	70 % (High)
Infected Computers:	60,740

First Seen:	December 23, 2013
Last Seen:	September 14, 2023
OS(es) Affected:	Windows

Downloader.Duuqu is a Trojan that may download additional malware infections onto the affected computer system. Upon execution, Downloader.Duuqu may copy itself to the particular location on the PC. Downloader.Duuqu may create the registry entry so that it can launch automatically every time the computer user starts Windows. Downloader. Downloader.Duuqu may download and execute malicious files from the specific web addresses. Downloader.Duuqu may spread through a malicious link added into spam email. The spam email may carry a link to a remote server that may use malicious codes in an effort to surreptitiously download Downloader.Duuqu. Downloader.Duuqu may include adware capabilities. Downloader.Duuqu may display numerous intrusive pop-up advertisements and messages on the computer.

Table of Contents

SpyHunter Detects & Remove Downloader.Duuqu

File System Details

Downloader.Duuqu may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	DuuquUpdate.exe	136e913b1d3771b3535c3622c36b5e38	58,786
Name: DuuquUpdate.exe MD5: 136e913b1d3771b3535c3622c36b5e38 Size: 98.36 KB (98360 bytes) Detections: 58,786 Type: Executable File Path: C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe Group: Malware file Last Updated: February 6, 2023

Registry Details

Downloader.Duuqu may create the following registry entry or registry entries:

CLSID

{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}

{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}

{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}

{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}

{3279E34D-3F0F-4EE4-99FA-7141B82DB0A8}

{35047074-2A04-4CE9-BE91-8D2D02DC58E6}

{3F8564C9-651D-427D-987F-837B793ACEBC}

{402FCA56-D17B-46D7-A90E-1CFA25B0215B}

{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}

{486E4A9A-50F4-4DA4-9F50-363FC9F72939}

{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}

{5D365F25-8B03-4B7B-9E4A-A37CE436019E}

{61E7C4F0-2579-4C25-9189-8EC876B97ED1}

{6464558C-D81D-4016-B90E-6782FDB9DCD0}

{67D67055-EDB3-416B-9711-024AD839FB6A}

{6A2683D1-57B4-484F-BF88-BC4F870CE703}

{7D79AC47-48F6-40F8-BA34-17677EAEA37C}

{8147068D-4315-4688-8CBC-246B57265267}

{82892E3A-727E-4D86-B4D1-46063B58A0AA}

{8DA2D086-7DE1-45F7-814A-514224A1CE22}

{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}

{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}

{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}

{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}

{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}

{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}

{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}

{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}

{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}

{B8669E7E-2C40-42DC-8BA0-314D860F5200}

{D263ED30-CDED-4834-BEB9-75CBCE761A3A}

{D4B7651E-076D-4BB2-A021-26F6E7A59A48}

{D7BEC320-B746-4A47-B289-509214980E2B}

{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}

{E555444B-4EA6-4B30-A314-49C2D1BE413D}

{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}

{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}

{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\DuuquUpdate.exe

SOFTWARE\Classes\AppID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}

SOFTWARE\Classes\AppID\{D7BEC320-B746-4A47-B289-509214980E2B}

SOFTWARE\Classes\Duuqu.OneClickCtrl.9

SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine

SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine.1.0

SOFTWARE\Classes\Duuqu.Update3WebControl.3

SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.duuqu.oneclickctrl.9

SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.duuqu.update3webcontrol.3

SOFTWARE\Classes\Wow6432Node\AppID\DuuquUpdate.exe

SOFTWARE\Classes\Wow6432Node\AppID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}

SOFTWARE\Classes\Wow6432Node\AppID\{D7BEC320-B746-4A47-B289-509214980E2B}

SOFTWARE\Duuqu

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuuquUpdate.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DuuquUpdateTaskMachineCore

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DuuquUpdateTaskMachineUA

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

SOFTWARE\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=3

SOFTWARE\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=9

SOFTWARE\Wow6432Node\Classes\AppID\DuuquUpdate.exe

SOFTWARE\Wow6432Node\Classes\AppID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}

SOFTWARE\Wow6432Node\Classes\AppID\{D7BEC320-B746-4A47-B289-509214980E2B}

SOFTWARE\Wow6432Node\Duuqu

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuuquUpdate.exe

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}

SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=3

SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=9

SYSTEM\ControlSet001\services\dqupdate

SYSTEM\ControlSet001\services\dqupdatem

SYSTEM\ControlSet002\services\dqupdate

SYSTEM\ControlSet002\services\dqupdatem

SYSTEM\CurrentControlSet\services\dqupdate

SYSTEM\CurrentControlSet\services\dqupdatem

Directories

Downloader.Duuqu may create the following directory or directories:

%LOCALAPPDATA%\Duuqu

%PROGRAMFILES%\Duuqu

%PROGRAMFILES(x86)%\Duuqu

%UserProfile%\Local Settings\Application Data\Duuqu

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Downloader.Duuqu

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Downloader.Duuqu

File System Details

Registry Details

Directories

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen