Adware.Sogou

애드웨어년에 Sumo3000 년까지

번역 :

위협 스코어카드

Popularity Rank:	3,673
위협 수준:	80 % (높은)
감염된 컴퓨터:	32,499

처음 본 것:	November 20, 2015
마지막으로 본:	January 25, 2026
영향을 받는 OS:	Windows

Adware.Sogou는 잠재적으로 원치 않는 광고 프로그램입니다. Adware.Sogou는 시스템에 몰래 설치될 수 있으며 종종 트로이 목마와 같은 맬웨어와 함께 번들로 제공됩니다. Adware.Sogou는 Internet Explorer 홈 페이지 또는 검색 페이지를 수정하여 팝업, 배너 또는 링크의 형태로 광고를 표시할 수 있습니다.

SpyHunter는 Adware.Sogou를 감지하고 제거합니다.

파일 시스템 세부 정보

Adware.Sogou는 다음 파일을 생성할 수 있습니다.

모두 확장 | 모든 축소

#	파일 이름	MD5	탐지 탐지: SpyHunter에서 보고한 감염된 컴퓨터에서 탐지된 특정 위협의 확인 및 의심 사례 수입니다.
1.	bdupdate.exe	3be0e8890a088580ff6840940d1d0988	104
이름: bdupdate.exe MD5: 3be0e8890a088580ff6840940d1d0988 크기: 1.75 MB (1755895 바이트) 감지: 104 유형: Executable File 길: %PROGRAMFILES(x86)%\tools 그룹: 멀웨어 파일 마지막 업데이트: July 20, 2016
2.	tools_update.exe	b18a0019f427178286ae667dbc350469	9
이름: tools_update.exe MD5: b18a0019f427178286ae667dbc350469 크기: 1.16 MB (1163368 바이트) 감지: 9 유형: Executable File 길: %PROGRAMFILES%\tools\update 그룹: 멀웨어 파일 마지막 업데이트: November 4, 2017
3.	%ProgramFiles%\Common Files\Sogou PXP\p2psvr.exe
이름: %ProgramFiles%\Common Files\Sogou PXP\p2psvr.exe 유형: Executable File 그룹: 멀웨어 파일
4.	%ProgramFiles%\P4P\p4pipc.dll
이름: %ProgramFiles%\P4P\p4pipc.dll 유형: Dynamic link library 그룹: 멀웨어 파일
5.	%ProgramFiles%\P4P\SoDALib.dll
이름: %ProgramFiles%\P4P\SoDALib.dll 유형: Dynamic link library 그룹: 멀웨어 파일

더 많은 파일

레지스트리 세부 정보

Adware.Sogou는 다음 레지스트리 항목을 만들 수 있습니다.

Regexp file mask

%PROGRAMFILES(x86)%\tools\bdupdate.exe

HKEY..\..\..\..{RegistryKeys}

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

디렉토리

Adware.Sogou는 다음 디렉토리를 만들 수 있습니다.

%PROGRAMFILES%\tools\update

%PROGRAMFILES(x86)%\tools\update

분석 보고서

일반 정보

Family Name:	Trojan.Sogou
Signature status:	Hash Mismatch

Known Samples

MD5: b06a18fd2f9acb3b3fc9f32b3ae2852a

SHA1: c59366ed5c8e1b47f64af03c870793104afba75d

파일 크기: 203.90 KB, 203904 bytes

MD5: 76a87cc9960bce8a5eca578d26cedb29

SHA1: b594dca4b75301d6e52033ffc7b49d1bdf626fe1

파일 크기: 9.52 MB, 9517720 bytes

MD5: a20348f065f642f03c1912fbf586196e

SHA1: b813f3e662fafe5fba9933d28a993bc39bde894e

SHA256: 8BB883C65FC0339FBE0BE370E3AA7D5102EEC6BC823609DDD90A9A590A03D7EB

파일 크기: 1.95 MB, 1946600 bytes

MD5: 70b868cb848faaccdd470676e5ea2536

SHA1: 693407e313df2e68904b6b88bd9e44899f2f5149

SHA256: E27068DEF6897F7AB202EA541560F717540AB9AD72C73C699D6A33C8CBDF8C00

파일 크기: 545.73 KB, 545728 bytes

MD5: ae39c7b386b372c9a1bf1ed57c3a360f

SHA1: fb99c99c5b159c1b6658d58a279c1b5d7f09fea9

SHA256: AC7D8ED76116F01904C812A416AD968A970D1F75BF66503679CD826C998080DF

파일 크기: 1.48 MB, 1480768 bytes

MD5: cbcc292ee264028646aac724d9b9c9a0

SHA1: d635e2aec646d1cf2355d7e05f70f8e9bc6f123f

SHA256: 7A23721779E84873A1EF9ADD789B754EEA00F90A180A4C831410C6F0339B26FF

파일 크기: 46.26 KB, 46264 bytes

MD5: ca78f15a4ca31fd56fb07893b80d0b8e

SHA1: 7df80c26b5eb291e0cb248503f379c2bfbbb7568

SHA256: 6B94735D4076F9CE930E8ED8995EEF85152AB553CDA03EA28297F854434E2121

파일 크기: 1.95 MB, 1946544 bytes

MD5: f352c6eae6613183221cf9d24fbad06c

SHA1: 097317ab43c15d67ae5a4b68ba083e8d8a68869c

SHA256: 9040FDF54B462797755A05BAFD378AF3AD38E28D663C80C2F873F48DBAD7F384

파일 크기: 470.12 KB, 470120 bytes

MD5: b6ab761a2941bcaadc23bcef8f7b4060

SHA1: 3dba655fd506fabab8ccd642d21a97d58934231c

SHA256: 267187B1247E5F4C4B9A76E57DEA47FC619DE444AA56EDA91CB731017235C5F7

파일 크기: 462.45 KB, 462448 bytes

MD5: 89403c88a438fd262b889ca8d84eb39a

SHA1: a83f23ff4fadbf1172d1d9061130613152e4990c

SHA256: 4CCEE1C442AF9D5759DA5FE62A82907602518BE29DCB9908A4E760371A47EA7B

파일 크기: 551.29 KB, 551288 bytes

MD5: e46759dd45ad2a419e22e879394d5187

SHA1: c425e4f20dd8c34047c13e9fa24adbd5ca4d4ed0

SHA256: 6D1517C9ABEBA196E1273A5015D1E539D663A0B4AAD28D52548516DB20A7B2CB

파일 크기: 1.95 MB, 1946584 bytes

MD5: b9f69d30bf1dcd784751c70f3183ac6a

SHA1: 5f1f561509374902c5630f4a1969f24335d13da7

SHA256: D469EC7B7D15C5792B41EC59104FC7555F04C31E2BF489CDB3E5C7E78B3B9479

파일 크기: 1.61 MB, 1612288 bytes

MD5: c25b2a407eeec50bf55fd0ada0e091e3

SHA1: fe594cf2a0e0a75f13451467ec01f6fc9f1ba991

SHA256: AFBAE459621D8D1FE7EF21FD5394B5FD286C1AA29643BD8DD5C0BCCDBBE25B8E

파일 크기: 579.69 KB, 579688 bytes

MD5: 6bbf07a9c75e0be6dab3b846542a98c1

SHA1: 3a4fb56e9bdd4e2269fc7d2bf8fd0acce8866651

SHA256: 2D80D0B1D139B8533257CCC02D887D5755ADB93E2C368CCD02C58648C422D7FF

파일 크기: 1.95 MB, 1946544 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

이름	값
Company Name	Sogou.com Inc.
File Description	搜狗上网中心搜狗下载器搜狗五笔输入法工具搜狗拼音输入法勋章推荐搜狗拼音输入法安装工具搜狗拼音输入法崩溃反馈搜狗拼音输入法更新工具搜狗拼音输入法网络更新程序搜狗输入法云计算代理
File Version	11.8.0.5496 7.9.0.7428 7.8.0.7199 7.2.0.2893 6.7.0.0329 6.2.0.0000 5.5.0.2584 3.4.0.2308 3.1.0.1972 1.0.0.39 Show More 1.0.0.0017
Internal Name	SogouPY SogouPY CrashRpt SogouPY Install.exe SogouPY SGMedalLoader SogouPY sgutil SogouPY SogouCloud SogouWB SogouWP
Legal Copyright	(C)2012 Sogou.com Inc. All rights reserved. © 2013 Sogou.com Inc. All rights reserved. © 2014 Sogou.com Inc. All rights reserved. © 2015 Sogou.com Inc. All rights reserved. © 2016 Sogou.com Inc. All rights reserved. © 2020 Sogou.com Inc. All rights reserved. © 2022 Sogou.com Inc. All rights reserved. © 2023 Sogou.com Inc. All rights reserved. © Sogou.com Inc. All rights reserved.
Original Filename	CrashRpt.exe Install.exe SGBrowserSurf.exe SGDownload.exe SGMedalLoader.exe sgutil.dll sogouCloud.exe SogouWB.ime
Product Name	搜狗上网中心搜狗下载器搜狗五笔输入法搜狗拼音输入法搜狗输入法
Product Version	11.8.0.5496 7.9.0.7428 7.8.0.7199 7.2.0.2893 6.7.0.0329 6.2.0.0000 5.5.0.2584 3.4.0.2308 3.1.0.1972 1.0.0.39 Show More 1.0.0.0017

Digital Signatures

Signer	Root	Status
Sogou.com	Class 3 Public Primary Certification Authority	Root Not Trusted
Beijing Sogou Technology Development Co., Ltd.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Sogou.com	Symantec Class 3 SHA256 Code Signing CA	Self Signed
Beijing Sogou Technology Development Co., Ltd.	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Sogou.com	VeriSign Class 3 Code Signing 2010 CA	Self Signed

File Traits

HighEntropy
Installer Version
x64
x86

Block Information

Total Blocks:	5,138
Potentially Malicious Blocks:	18
Whitelisted Blocks:	4,042
Unknown Blocks:	1,078

Visual Map

0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? 0 ? 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? 0 0 ? 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? 0 0 ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 0 ? 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? 0 0 0 0 0 ? ? 0 0 ? ? 0 0 0 0 0 0 0 ? 0 ? ? ? 0 0 0 0 ? 1 ? ? ? ? ? ? 0 0 0 0 0 ? ? 0 ? ? ? ? 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? 0 0 ? 0 ? 0 ? ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? 0 0 0 0 0 ? 0 0 ? 0 0 0 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? 0 ? 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 ? x ? ? ? ? 0 0 ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 ? ? 0 ? 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? ? ? 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? ? ? 0 0 ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 0 ? ? ? 0 ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? 0 ? ? ? 0 ? 0 0 0 0 ? ? 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? 0 0 ? 0 ? 0 1 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 ? ? 0 ? 0 0 ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 ? 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? x 0 0 ? x 0 ? ? x x ? x ? x x 0 0 0 0 ? 0 0 0 ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 1 0 2 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 3 1 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 2 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\sgdownloadpipenew2	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 786432

Registry Modifications

Key::Value	데이터	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	⠍ȁ⋡龡^Ū紘Çó獖}Ŵ⦘·Ŵ좟Êh,֢	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	꿤ȁ獖}	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort Show More ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateTimer ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimerEx ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtUserDisableThreadIme win32u.dll!NtUserGetImeInfoEx win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetKeyboardLayoutList win32u.dll!NtUserGetThreadState win32u.dll!NtUserMsgWaitForMultipleObjectsEx
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess ShellExecute
Anti Debug	NtQuerySystemInformation

Shell Command Execution


							open C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\SogouTSF.ime


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fb99c99c5b159c1b6658d58a279c1b5d7f09fea9_0001480768.,LiQMAxHB

Adware.Sogou

위협 스코어카드

EnigmaSoft 위협 스코어카드

SpyHunter는 Adware.Sogou를 감지하고 제거합니다.

파일 시스템 세부 정보

레지스트리 세부 정보

디렉토리

분석 보고서

일반 정보

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

의견 제출

트렌드

가장 많이 본