
Infostealer.Nasdosto

By ESGI Advisor in Stealers

Threat Scorecard

Popularity Rank: 3,773
Threat Level: 90 % (High)
Infected Computers: 16,667
First Seen: January 23, 2013
Last Seen: June 9, 2026
OS(es) Affected: Windows

Infostealer.Nasdosto is a Trojan that steals information from the compromised PC. When run, Infostealer.Nasdosto creates files on the infected system and adds registry entries so that it is loaded automatically every time Windows starts. Infostealer.Nasdosto logs keystrokes on the victimized computer and transfers the collected information to remote locations.

File System Details

Infostealer.Nasdosto may create the following file(s):
File Name
1. %System%\ns7dos.exe
2. %System%\ns6dos.exe
3. %System%\ns2dos.exe
4. %System%\nsdos2.exe
5. %System%\ns7dos
6. %System%\ns6dos
7. %System%\ns2dos
8. %System%\nsdos2

Registry Details

Infostealer.Nasdosto may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msdos-debug" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msdos-debug2" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"nsdos-debugg" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[RANDOM CLSID]\"StubPath" = "[HEXADECIMAL CHARACTERS]"

Analysis Report

General information

Family Name: HEUR.Malware.Win32.Posin
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: Captures movie scenes to single picture files or thumbnail galleries
Company Name:
  • Fengtao Software Inc.
  • Lonking Software, LLC.
File Description:
  • Captures movie scenes to single picture files or thumbnail galleries
  • DVDFab - The ultimate DVD copying/converting/burning software!
File Version:
  • 4, 1, 0, 2
  • 2.3.0.23
  • 1.00
Internal Name:
  • DVDFab.exe
  • TJprojMain
Legal Copyright: Copyright (C) 2004-2008 Fengtao Software Inc. All rights reserved.
Original Filename:
  • DVDFab.exe
  • TJprojMain.exe
Product Name:
  • DVDFab
  • Project1
  • Video Snapshots Genius
Product Version:
  • 4, 1, 0, 2
  • 2.3.0.23
  • 1.00

Digital Signatures

Signer: ShenZhen Thunder Networking Technologies Ltd.
Root: ShenZhen Thunder Networking Technologies Ltd.
Status: Self Signed

File Traits

  • 00 section
  • 2+ executable sections
  • dll
  • HighEntropy
  • No Version Info
  • packed
  • upx
  • UPX!
  • x86

Block Information

Total Blocks: 5
Potentially Malicious Blocks: 3
Whitelisted Blocks: 2
Unknown Blocks: 0

Visual Map

x x x 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • HEUR.Malware.Win32.Posin
  • NSPack.Gen
  • PcClient.L

Files Modified


Registry Modifications


Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\33d16f48b8c838675f277f5e35f219d6146b41bb_0000055376.,LiQMAxHB
