Trojan-Downloader.VBS.Agent

By ZulaZuza in Trojan Downloader

Threat Scorecard

Popularity Rank: 41
Threat Level: 80 % (High)
Infected Computers: 421,290
First Seen: August 6, 2015
Last Seen: February 6, 2026
OS(es) Affected: Windows

Trojan-Downloader.VBS.Agent is a computer threat that downloads malicious files from the internet and executes them on a victim's computer. Trojan-Downloader.VBS.Agent may surreptitiously infiltrate a user's system via contaminated e-mail attachments or links. Trojan-Downloader.VBS.Agent may also disrupt the normal operation of the computer system.

File System Details

Trojan-Downloader.VBS.Agent may create the following file(s):

Registry Details

Trojan-Downloader.VBS.Agent may create the following registry entry or registry entries:

Directories

Trojan-Downloader.VBS.Agent may create the following directory or directories:

%HOMEDRIVE%\wh2

Analysis Report

General information

Family Name: Trojan.VBS.Agent
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 9.40290.0.7
  • 1.0.0.0
  • 0.0.0.0
Comments
  • For additional details, visit PortableApps.com
  • Please visit http://www.internetdownloadmanager.com
  • This installation was built with Inno Setup.
Company Name
  • DR.Ahmed Saker
  • FANUC Robotics
  • Igor Pavlov
  • Magnet Forensics
  • Microsoft Corporation
  • Oleg N. Scherbakov
  • Overwolf Ltd.
  • PortableApps.com
  • Swearware
  • Tonec Inc.
  • Tonec Inc.
  • Tonek Inc.
  • © 歪果不求仁
Company Short Name Microsoft
Compiled By Compiled by SFXMaker
File Description
  • 7z Setup SFX (x86)
  • 7z SFX
  • AkelPad Portable
  • ComboFix NSIS Installer
  • downloader
  • Internet Download Manager (IDM)
  • Internet Download Manager installer
  • Internet Download Manager Modified
  • Internet Download Manager Setup
  • Internet Download Manager v6.42.28
  • Internet Download Manager v6.42.36
  • Internet Download Manager v6.42.38
  • Internet Download Manager v6.42.40
  • Internet Download Manager v6.42.51
  • Internet Download Manager v6.42.57
  • Magnet.Engine.SigmaRules
  • Microsoft Edge
  • New Workcell/Robot Serialization Wizard
  • Overwolf
  • Win32 Cabinet Self-Extractor
File Version
  • 103.0.1264.71
  • 37.0.0.0
  • 19.11.04.01
  • 11.00.19041.1 (WinBuild.160101.0800)
  • 9.40290.00.07
  • 9.22 beta
  • 6.42.57.3
  • 6.42.51.3
  • 6.42.40.3
  • 6.42.38.3
  • 6.42.36.3
  • 6.42.28.3
  • 6.39.7.0
  • 6.23
  • 6, 41, 11, 1
  • 4.9.8.0
  • 2.282.0.1
  • 1.25.0.0
  • 1.4.1.2100
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • 7z.sfx
  • 7ZSfxMod
  • 6974e9b50a63e.exe
  • 6975b2ec72991.exe
  • 6977cd2f54beb.exe
  • 697784d8e58fb.exe
  • AkelPad Portable
  • ComboFix.exe
  • downloader.dll
  • ForceWar.exe
  • installer
  • Magnet.Engine.SigmaRules.dll
  • msedge_exe
  • RGSerializeWizard.dll
  • script2.exe
  • Wextract
Last Change 1f7a1d165042010b399db54bd56390dd47e15013
Legal Copyright
  • 2007-2016 PortableApps.com, PortableApps.com Installer 3.3.2.0
  • Copyright (c) 1999-2011 Igor Pavlov
  • Copyright (C) 2021 Overwolf Ltd. All Rights Reserved.
  • Copyright Microsoft Corporation. All rights reserved.
  • Copyright © 2005-2010 Oleg N. Scherbakov
  • Copyright © 2025
  • Copyright © Magnet Forensics Inc. 2024
  • FANUC Robotics @ 2001
  • Mev ltd.
  • sUBs
  • © 1999-2013. Tonec, Inc. All rights reserved.
  • © 1999-2023. Tonec, FZE. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
  • © Tonek Inc.
Legal Trademarks
  • Internet Download Manager (IDM)
  • PortableApps.com is a registered trademark of Rare Ideas, LLC.
Official Build 1
Original File Name ComboFix.exe
Original Filename
  • 7z.sfx.exe
  • 7ZSfxMod_x86.exe
  • 6974e9b50a63e.exe
  • 6975b2ec72991.exe
  • 6977cd2f54beb.exe
  • 697784d8e58fb.exe
  • AkelPadPortable_4.9.8.paf.exe
  • downloader.dll
  • ForceWar.exe
  • installer.exe
  • Magnet.Engine.SigmaRules.dll
  • msedge.exe
  • RGSerializeWizard.dll
  • script2.exe
  • WEXTRACT.EXE .MUI
PortableApps.com App ID AkelPadPortable
PortableApps.com Format Version 3.3
PortableApps.com Installer Version 3.3.2.0
Private Build
  • 6.23 Repack betssaf
  • April 28, 2011
Product Name
  • 7-Zip
  • 7-Zip SFX
  • AkelPad Portable
  • ComboFix
  • downloader
  • FANUC Robotics Serialization Wizard
  • Internet Download Manager
  • Internet Download Manager installer
  • Internet Download Manager v6.42.28
  • Internet Download Manager v6.42.36
  • Internet Download Manager v6.42.38
  • Internet Download Manager v6.42.40
  • Internet Download Manager v6.42.51
  • Internet Download Manager v6.42.57
  • Internet Explorer
  • Magnet.Engine.SigmaRules
  • Microsoft Edge
  • Overwolf
Product Short Name Microsoft Edge
Product Version
  • 103.0.1264.71
  • 11.00.19041.1
  • 9.40290.00.07
  • 9.22 beta
  • 6.39 Build 7 Activated
  • 6.38
  • 6.21 Build15
  • 6, 41, 11, 1
  • 4.9.8.0
  • 2.282.0.1
  • 1.25.0.0
  • 1.4.1.2100
  • 1.0.0.0
  • 1.0.0
  • 0.0.0.0
Special Build IDM.exe cracked

Digital Signatures

Signer: Rare Ideas, LLC
Root: COMODO RSA Code Signing CA
Status: Self Signed

File Traits

  • CAB SFX
  • HighEntropy
  • Wextract
  • WScript.Shell
  • x86

Block Information

Total Blocks: 1,449
Potentially Malicious Blocks: 3
Whitelisted Blocks: 1,310
Unknown Blocks: 136


Similar Families

  • Agent.XAE
  • Coinminer.GQ
  • MSIL.Agent.FSDA
  • MSIL.FakeMS.HG
  • MSIL.FakeMS.LA
  • MSIL.FakeMS.QL
  • MSIL.FakeMS.QN
  • MSIL.FakeMS.SA
  • MSIL.Gamehack.BAVB
  • MSIL.Gamehack.BAVG
  • MSIL.Gamehack.BOWG
  • MSIL.Gamehack.O
  • MSIL.Gamehack.OI
  • MSIL.Gamehack.OIA
  • Malex.N
  • Tedy.L
  • Wana Decrypt0r.A

Files Modified

c:\dumper\downtrj.bat Synchronize,Write Attributes
c:\dumper\downtrj.vbs Generic Write,Read Attributes
c:\dumper\downtrj.vbs Synchronize,Write Attributes
c:\dumper\gtservices.exe Generic Write,Read Attributes
c:\dumper\gtservices.exe Synchronize,Write Attributes
c:\dumper\mouse.bat Generic Write,Read Attributes
c:\dumper\mouse.bat Synchronize,Write Attributes
c:\dumper\mouse.exe Generic Write,Read Attributes
c:\dumper\mouse.exe Synchronize,Write Attributes
c:\dumper\ntrights.exe Generic Write,Read Attributes
c:\dumper\ntrights.exe Synchronize,Write Attributes
c:\dumper\pool_mine_example.cmd Generic Write,Read Attributes
c:\dumper\pool_mine_example.cmd Synchronize,Write Attributes
c:\dumper\rtm_ghostrider_example.cmd Generic Write,Read Attributes
c:\dumper\rtm_ghostrider_example.cmd Synchronize,Write Attributes
c:\dumper\sha256sums Generic Write,Read Attributes
c:\dumper\sha256sums Synchronize,Write Attributes
c:\dumper\solo_mine_example.cmd Generic Write,Read Attributes
c:\dumper\solo_mine_example.cmd Synchronize,Write Attributes
c:\dumper\start.cmd Generic Write,Read Attributes
c:\dumper\start.cmd Synchronize,Write Attributes
c:\dumper\system.bat Generic Write,Read Attributes
c:\dumper\system.bat Synchronize,Write Attributes
c:\dumper\system.vbs Generic Write,Read Attributes
c:\dumper\system.vbs Synchronize,Write Attributes
c:\dumper\system.xml Generic Write,Read Attributes
c:\dumper\system.xml Synchronize,Write Attributes
c:\dumper\unistall.bat Generic Write,Read Attributes
c:\dumper\unistall.bat Synchronize,Write Attributes
c:\dumper\unistall.vbs Generic Write,Read Attributes
c:\dumper\unistall.vbs Synchronize,Write Attributes
c:\dumper\update.vbs Generic Write,Read Attributes
c:\dumper\update.vbs Synchronize,Write Attributes
c:\dumper\wget.vbs Generic Write,Read Attributes
c:\dumper\wget.vbs Synchronize,Write Attributes
c:\dumper\winio64.sys Generic Write,Read Attributes
c:\dumper\winio64.sys Synchronize,Write Attributes
c:\dumper\winring0x64.sys Generic Write,Read Attributes
c:\dumper\winring0x64.sys Synchronize,Write Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\internet download manager Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\__tmp_rar_sfx_access_check_561593 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\internet download manager\idman.exe\defexclist.txt Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\defexclist.txt Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\downlwithidm.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\downlwithidm.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\downlwithidm64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\downlwithidm64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\grabber.chm Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\grabber.chm Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idman.chm Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idman.chm Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idman.exe Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idman.exe Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmantypeinfo.tlb Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmantypeinfo.tlb Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmbrbtn.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmbrbtn.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmbrbtn64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmbrbtn64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmbroker.exe Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmbroker.exe Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmcchandler2.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmcchandler2.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmcchandler2_64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmcchandler2_64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmfsa.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmfsa.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmftype.dat Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmftype.dat Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmftype.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmftype.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmftype64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmftype64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmgcext.crx Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmgcext.crx Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmgetall.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmgetall.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmgetall64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmgetall64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmgrhlp.exe Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmgrhlp.exe Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmiecc.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmiecc.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmiecc64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmiecc64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmintegrator64.exe Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmintegrator64.exe Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmmkb.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmmkb.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmmzcc.xpi Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmmzcc.xpi Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmnetmon.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmnetmon.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmnetmon64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmnetmon64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmsetup2.log Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmsetup2.log Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmshellext.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmshellext.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmshellext64.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmshellext64.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmtdi.cat Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmtdi.cat Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmtdi.inf Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmtdi.inf Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmtdi32.sys Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmtdi32.sys Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmtdi64.sys Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmtdi64.sys Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmvs.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmvs.dll Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmwfp.cat Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmwfp.cat Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmwfp.inf Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmwfp.inf Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmwfp32.sys Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmwfp32.sys Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\idmwfp64.sys Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmwfp64.sys Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\ieext.htm Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\ieext.htm Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\iegetall.htm Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\iegetall.htm Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\iegetvl.htm Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\iegetvl.htm Synchronize,Write Attributes
c:\program files\internet download manager\idman.exe\iegetvl2.htm Generic Write,Read Attributes

971 additional files are not displayed above.
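The rights column above is the access mask each handle was opened with, so a row that reads only "Synchronize,Write Attributes" is a metadata touch, not a content write; the rows that matter are the ones carrying Generic Write, Write Data or Append data. The script below is an added triage example, not the sandbox's own tooling or anything from the original page: it parses the path/rights rows exactly as printed (paths may contain spaces), keeps only handles that can write data, and flags kernel drivers dropped to disk, scripts written outside Program Files, writes under Program Files, and the WinRAR SFX write-probe files. The "xmrig_release_layout" rule is my own assumption: config.json, pool_mine_example.cmd, solo_mine_example.cmd, winring0x64.sys and sha256sums together match the file layout of a stock XMRig release archive, although the table shows no miner executable itself. Rule names are labels chosen for this example.

```python
"""Triage the path/access-rights rows of the File System Details table above."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Rows copied from the table above. A path may contain spaces; the rights field
# is a comma-separated list drawn from a small fixed vocabulary.
SAMPLE_ROWS = r"""
c:\32788r22fwjfw\license\curl - license.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\__tmp_rar_sfx_access_check_12857609 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\dumper\7za.exe Generic Write,Read Attributes
c:\dumper\audio system.vbs Generic Write,Read Attributes
c:\dumper\config.json Generic Write,Read Attributes
c:\dumper\pool_mine_example.cmd Generic Write,Read Attributes
c:\dumper\solo_mine_example.cmd Generic Write,Read Attributes
c:\dumper\sha256sums Generic Write,Read Attributes
c:\dumper\winio64.sys Generic Write,Read Attributes
c:\dumper\winring0x64.sys Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmwfp64.sys Generic Write,Read Attributes
c:\program files\internet download manager\idman.exe\idmwfp64.sys Synchronize,Write Attributes
"""

RIGHTS_TOKENS = {"Generic Read", "Generic Write", "Write Data", "Write Attributes",
                 "Write extended", "Append data", "Synchronize", "Read Attributes"}
# Only these rights let the handle change file content; the others touch metadata.
WRITE_DATA_TOKENS = {"Generic Write", "Write Data", "Append data"}
# Assumption (mine): these names together match the layout of a stock XMRig
# release archive. The table never shows the miner executable itself.
MINER_KIT = {"config.json", "pool_mine_example.cmd", "solo_mine_example.cmd",
             "winring0x64.sys", "sha256sums"}


def parse_row(row: str) -> Tuple[str, List[str]]:
    """Split 'path rights'. Walk the spaces from the right until the tail parses
    as nothing but known rights tokens; everything before it is the path."""
    idx = len(row)
    while True:
        idx = row.rfind(" ", 0, idx)
        if idx < 0:
            raise ValueError("no rights column in row: %r" % row)
        rights = row[idx + 1:].split(",")
        if all(tok in RIGHTS_TOKENS for tok in rights):
            return row[:idx].lower(), rights


def triage(text: str) -> List[Tuple[str, str]]:
    findings: List[Tuple[str, str]] = []
    written_by_dir: Dict[str, set] = defaultdict(set)
    for raw in text.splitlines():
        row = raw.strip()
        if not row:
            continue
        path, rights = parse_row(row)
        if not any(tok in WRITE_DATA_TOKENS for tok in rights):
            continue  # Synchronize / Write Attributes only: no content written
        directory, _, name = path.rpartition("\\")
        written_by_dir[directory].add(name)
        if name.endswith(".sys"):
            findings.append(("kernel_driver_written", path))
        if name.endswith((".vbs", ".bat", ".cmd", ".wsf")) and not path.startswith("c:\\program files\\"):
            findings.append(("script_dropped", path))
        if path.startswith("c:\\program files\\"):
            findings.append(("program_files_write", path))
        if "__tmp_rar_sfx_access_check_" in name:
            findings.append(("winrar_sfx_probe", path))
    for directory, names in written_by_dir.items():
        if MINER_KIT <= names:
            findings.append(("xmrig_release_layout", directory))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, target in triage(SAMPLE_ROWS):
        print("%-24s %s" % (rule, target))
```

Two of the flagged drivers deserve a closer look than the rest: winring0x64.sys and winio64.sys give user-mode code direct hardware and MSR access and are widely listed as abusable drivers, and here they are written to a user-created c:\dumper rather than installed by a product. The idmwfp/idmtdi drivers under Program Files appear to be Internet Download Manager's own network filter components and are expected from an IDM installer, cracked or not.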

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname Microsoft ® Windows Based Script Host RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary, rendered as UTF-16 text: 챴᪉⪭ǜ) RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::fname Ananas RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::lname AnanasBananas RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::email ananas@bananas.com RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::serial LH1TA-KKLZI-NBWCJ-WFVD1 RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::advintdriverenabled2 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Kixphyrb\AppData\Local\Temp\IXP000.TMP\" RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Eqnaxnrw\AppData\Local\Temp\IXP000.TMP\" RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe (binary, rendered as UTF-16 text: 䠾皎〪ǜ) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary, rendered as UTF-16 text: 䠾皎〪ǜ) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\winrar sfx::c%%program files%internet download manager%idman.exe C:\Program Files\Internet Download Manager\IDMan.exe RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::fname Lobillo RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::lname RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::email hello@from.iota RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::serial CASAN-OVAIO-TATEA-M2012 RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::installstatus  RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::advintdriverenabled2  RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 (binary data) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::fname RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::email m4rdhi@bravo.com RegNtPreCreateKey
HKLM\software\wow6432node\internet download manager::serial NC8TN-UIX5N-QAFEK-VCFXZ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask (binary DWORD) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask (binary DWORD) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask (binary DWORD) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask (binary DWORD) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary, rendered as UTF-16 text: Ꞡ욠賸ǜ) RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\infdefaultinstall.exe.friendlyappname INF Default Install RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\infdefaultinstall.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary, rendered as UTF-16 text: ⫛洮鋴ǜ) RegNtPreCreateKey
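The bam\state\usersettings rows above are worth decoding rather than skipping. BAM (Background Activity Moderator) keeps, per user SID, one value per executable path whose data starts with the FILETIME of that path's last execution; the sandbox printed the raw REG_BINARY bytes as UTF-16 text, which is why the Data column shows a few CJK and Latin glyphs. Each glyph is two bytes of the value, so the four glyphs are the eight-byte little-endian FILETIME. The decoder below is an added example, not the sandbox's or the page's own tooling: it takes the four distinct BAM values as they appear in the table (cmd.exe and conhost.exe from the same run share one value) and turns them into last-run times for the listed SID. It assumes the rendering kept the leading eight bytes in order; the long notifications\data blobs in the same table have no such fixed layout and are not decoded here.

```python
"""Decode the BAM last-run timestamps rendered as UTF-16 glyphs in the table above."""
import struct
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# (value name, Data column as rendered). Copied from the Registry Modifications
# table; the cmd.exe and conhost.exe rows of one run carry the same value.
BAM_ROWS: List[Tuple[str, str]] = [
    (r"\device\harddiskvolume2\windows\system32\conhost.exe", "챴᪉⪭ǜ"),
    (r"\device\harddiskvolume2\windows\system32\cmd.exe", "䠾皎〪ǜ"),
    (r"\device\harddiskvolume2\windows\system32\conhost.exe", "Ꞡ욠賸ǜ"),
    (r"\device\harddiskvolume2\windows\system32\conhost.exe", "⫛洮鋴ǜ"),
]

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def glyphs_to_bytes(glyphs: str) -> bytes:
    """Undo the rendering: each glyph was one UTF-16LE code unit, i.e. two raw bytes."""
    return glyphs.encode("utf-16-le")


def filetime_to_datetime(ft: int) -> datetime:
    """A FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_bam_value(glyphs: str) -> datetime:
    raw = glyphs_to_bytes(glyphs)
    if len(raw) < 8:
        raise ValueError("BAM value too short for a FILETIME: %r" % glyphs)
    # Assumption: the rendering kept the leading bytes in order; the first eight are
    # the little-endian FILETIME of the last execution of that path under the SID.
    (ft,) = struct.unpack_from("<Q", raw, 0)
    return filetime_to_datetime(ft)


def decode_rows(rows: List[Tuple[str, str]]) -> List[Tuple[str, datetime]]:
    return [(path, decode_bam_value(glyphs)) for path, glyphs in rows]


if __name__ == "__main__":
    for path, ts in decode_rows(BAM_ROWS):
        print("%s UTC  %s" % (ts.strftime("%Y-%m-%d %H:%M:%S"), path))
```

The high word of every value is ǜ, U+01DC, and FILETIMEs beginning 0x01DC fall in late 2025 to 2026, which lines up with the "Last Seen" date in the scorecard; the four values decode in the order the table lists them. On a live host the same decode applies to the value read straight out of the registry, without the UTF-16 detour.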

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • ShellExecuteEx
  • WriteConsole
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelIoFileEx
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetNlsSectionPtr
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtLockFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData

210 additional items are not displayed above.

Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • inet_addr
  • recv
  • send
  • setsockopt
  • socket
Process Terminate
  • TerminateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams

Shell Command Execution

"C:\Users\Awmtbbml\AppData\Local\Temp\is-BJBGL.tmp\6be32d7078ca1f39dc0aa75ba503b398e35e99d4_0009229500.tmp" /SL5="$9004C,8419684,731648,c:\users\user\downloads\6be32d7078ca1f39dc0aa75ba503b398e35e99d4_0009229500.exe"
(NULL) C:\Dumper\unistall.vbs
(NULL) C:\Dumper\audio.vbs
(NULL) idman623b6_RePack.v2.14-_-niTe_RiDeR.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
"C:\Users\Phwcwskm\AppData\Local\Temp\is-Q5ECM.tmp\idman623b6_repack.v2.14-_-nite_rider.tmp" /SL5="$50142,6824488,138752,C:\Users\Phwcwskm\appdata\local\temp\7zipsfx.000\idman623b6_repack.v2.14-_-nite_rider.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5a3f11be2077e865486351f3776934b3a499695d_0003162112.,LiQMAxHB
(NULL) IDM.bat
WriteConsole:
WriteConsole: C:\Users\Zvvrxwl
WriteConsole: reg
WriteConsole: add "HKLM\SOFTW
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "FName" /t REG_SZ /d "Ananas"
WriteConsole: The operation co
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "LName" /t REG_SZ /d "AnanasBananas"
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "Email" /t REG_SZ /d "ananas@bananas.com"
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "Serial" /t REG_SZ /d "LH1TA-KKLZI-NBWCJ-WFVD1"
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "AdvIntDriverEnabled2" /t REG_DWORD /d 0
WriteConsole: "C:\Users\Zvvrxw
WriteConsole: -d "C:\Users\Zv
C:\Users\Zvvrxwlp\AppData\Local\Temp\IDM\idm1.tmp "C:\Users\Zvvrxwlp\AppData\Local\Temp\IDM\IDM1.tmp" -d "C:\Users\Zvvrxwlp\AppData\Local\Temp\IDM\"
cmd.exe /d /c bwsehafip.bat 6150428978
WriteConsole: C:\Users\Kixphyr
WriteConsole: rem
WriteConsole: 43927934
WriteConsole: copy
WriteConsole: /b ewwaopx.dat
WriteConsole: 1 file(s
WriteConsole: conhost.exe
WriteConsole: lisqeug.dat 615
cmd.exe /c 6793fbe82c030.vbs
C:\Users\Eqnaxnrw\AppData\Local\Temp\IXP000.TMP\6793fbe82c030.vbs 6793fbe82c030.vbs
(NULL) REGEDIT /S RegKey.reg
(NULL) C:\ScanStop\termina.vbs
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Pdfudfxf\AppData\Local\Temp\fxkncnr5\fxkncnr5.cmdline"
"C:\Users\Fcpnguvb\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Fcpnguvb\AppData\Local\Temp\IDM_Setup_Temp\"
(NULL) C:\Users\Xnlkxikt\AppData\Local\Temp\Fucking_pixel_SAS.exe
open Killer.exe
"cscript.exe" //B //Nologo //E:VBScript "C:\Users\Unklnywc\AppData\Local\Temp\component_beb00fc6.vbs"
Install C:\Users\Hepicodw\AppData\Local\Temp\RarSFX0\en.inf
C:\WINDOWS\system32\taskkill.exe taskkill /f /t /im "idman.exe"
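Read together, these command lines show two things side by side: a pirated Internet Download Manager repack (the is-*.tmp stub with /SL5= and the /VERYSILENT /SUPPRESSMSGBOXES flags are an Inno Setup installer run silently, followed by reg add of FName/LName/Email/Serial under HKLM and a taskkill of idman.exe), and the downloader behaviour the page is about (VBScript run from AppData\Local\Temp and C:\Dumper, cscript with //B so no script errors surface, a C# source compiled with csc.exe from Temp, rundll32 loading an extension-less file from Downloads, and an INF installed from a RarSFX0 temp directory). The "WriteConsole:" rows are truncated console output and not commands. The script below is an added triage example, not the sandbox's tooling or anything from the original page: it parses rows as printed, skips the console fragments, and tags each command with the behaviours a responder would escalate. Rule names and severities are labels chosen for this example.

```python
"""Tag the Shell Command Execution rows above with the behaviours they show."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Rows copied from the table above, including a WriteConsole fragment so the
# parser has to skip it and the "(NULL)" marker the sandbox prints when the
# process was started with an empty lpApplicationName.
SAMPLE_ROWS = r"""
(NULL) C:\Dumper\unistall.vbs
(NULL) idman623b6_RePack.v2.14-_-niTe_RiDeR.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
WriteConsole: add "HKLM\SOFTW
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "FName" /t REG_SZ /d "Ananas"
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Internet Download Manager" /f /v "Serial" /t REG_SZ /d "LH1TA-KKLZI-NBWCJ-WFVD1"
cmd.exe /c 6793fbe82c030.vbs
(NULL) REGEDIT /S RegKey.reg
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Pdfudfxf\AppData\Local\Temp\fxkncnr5\fxkncnr5.cmdline"
"cscript.exe" //B //Nologo //E:VBScript "C:\Users\Unklnywc\AppData\Local\Temp\component_beb00fc6.vbs"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5a3f11be2077e865486351f3776934b3a499695d_0003162112.,LiQMAxHB
C:\WINDOWS\system32\taskkill.exe taskkill /f /t /im "idman.exe"
Install C:\Users\Hepicodw\AppData\Local\Temp\RarSFX0\en.inf
"""


@dataclass
class Finding:
    rule: str
    severity: str
    command: str


# (rule, severity, regex). All patterns are matched case-insensitively.
RULES = [
    ("script_executed", "medium", r'\.(?:vbs|vbe|wsf|js)\b'),
    ("script_from_user_writable_dir", "high",
     r'(?:\\appdata\\local\\temp\\|\\dumper\\)[^"\s]*\.(?:vbs|vbe|wsf|js)\b'),
    ("hidden_script_host", "high", r'[wc]script(?:\.exe)?"?\s.*//b\b'),          # //B = batch mode, no prompts
    ("license_key_written", "medium",
     r'\breg(?:\.exe)?\s+add\s+"hklm\\software\\internet download manager".*/v\s+"serial"'),
    ("silent_installer", "low", r'/verysilent\b'),
    ("silent_registry_import", "medium", r'\bregedit(?:\.exe)?\s+/s\b'),
    ("compile_from_temp", "high", r'\\csc\.exe"?\s.*@"?[^"\s]*\\appdata\\local\\temp\\'),
    ("rundll32_unusual_module", "high", r'rundll32(?:\.exe)?\s.*\\downloads\\[^\s,]+,\S+'),
    ("inf_install_from_temp", "high", r'^install\s+.*\\appdata\\local\\temp\\.*\.inf\b'),
    ("kill_competing_process", "medium", r'\btaskkill(?:\.exe)?\s.*/im\s+"?idman\.exe'),
]
COMPILED = [(name, sev, re.compile(pat, re.IGNORECASE)) for name, sev, pat in RULES]


def parse_rows(text: str) -> List[str]:
    """Return the command lines, dropping blank rows and WriteConsole fragments."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("WriteConsole:"):
            continue
        if line.startswith("(NULL) "):
            line = line[len("(NULL) "):]
        commands.append(line)
    return commands


def triage(text: str) -> List[Finding]:
    return [Finding(name, sev, cmd)
            for cmd in parse_rows(text)
            for name, sev, rx in COMPILED if rx.search(cmd)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print("%-6s %-30s %s" % (f.severity, f.rule, f.command[:70]))
```

The same patterns translate directly into process-creation telemetry queries (Sysmon event 1 or 4688 with command-line auditing): script hosts launched from Temp, csc.exe invoked with a .cmdline response file under Temp, and rundll32 given a module without a .dll extension are all low-noise on a managed fleet.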
