Adware.Sogou

Do Sumo3000 w Oprogramowanie reklamowe

Przetłumacz na:

Karta wyników zagrożenia

Popularity Rank:	3,673
Poziom zagrożenia:	80 % (Wysoka)
Zainfekowane komputery:	32,499

Pierwszy widziany:	November 20, 2015
Ostatnio widziany:	January 25, 2026
Systemy operacyjne, których dotyczy problem:	Windows

Adware.Sogou to potencjalnie niechciany program reklamowy. Adware.Sogou może zostać potajemnie zainstalowany na komputerze i często jest dostarczany wraz ze złośliwym oprogramowaniem, takim jak trojany. Adware.Sogou może modyfikować stronę główną lub stronę wyszukiwania Internet Explorera, aby wyświetlać reklamy w formie wyskakujących okienek, banerów lub linków.

Spis treści

SpyHunter wykrywa i usuwa Adware.Sogou

Szczegóły systemu plików

Adware.Sogou może utworzyć następujące pliki:

Rozwiń wszystkie | Zwinąć wszystkie

#	Nazwa pliku	MD5	Wykrycia Wykrycia: liczba potwierdzonych i podejrzewanych przypadków określonego zagrożenia wykrytych na zainfekowanych komputerach według danych SpyHunter.
1.	bdupdate.exe	3be0e8890a088580ff6840940d1d0988	104
Nazwa: bdupdate.exe MD5: 3be0e8890a088580ff6840940d1d0988 Rozmiar: 1.75 MB (1755895 bajty) Wykrycia: 104 Rodzaj: Executable File Ścieżka: %PROGRAMFILES(x86)%\tools Grupa: Plik złośliwego oprogramowania Ostatnio zaktualizowany: July 20, 2016
2.	tools_update.exe	b18a0019f427178286ae667dbc350469	9
Nazwa: tools_update.exe MD5: b18a0019f427178286ae667dbc350469 Rozmiar: 1.16 MB (1163368 bajty) Wykrycia: 9 Rodzaj: Executable File Ścieżka: %PROGRAMFILES%\tools\update Grupa: Plik złośliwego oprogramowania Ostatnio zaktualizowany: November 4, 2017
3.	%ProgramFiles%\Common Files\Sogou PXP\p2psvr.exe
Nazwa: %ProgramFiles%\Common Files\Sogou PXP\p2psvr.exe Rodzaj: Executable File Grupa: Plik złośliwego oprogramowania
4.	%ProgramFiles%\P4P\p4pipc.dll
Nazwa: %ProgramFiles%\P4P\p4pipc.dll Rodzaj: Dynamic link library Grupa: Plik złośliwego oprogramowania
5.	%ProgramFiles%\P4P\SoDALib.dll
Nazwa: %ProgramFiles%\P4P\SoDALib.dll Rodzaj: Dynamic link library Grupa: Plik złośliwego oprogramowania

Więcej plików

Szczegóły rejestru

Adware.Sogou może utworzyć następujący wpis rejestru lub wpisy rejestru:

Regexp file mask

%PROGRAMFILES(x86)%\tools\bdupdate.exe

HKEY..\..\..\..{RegistryKeys}

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

Katalogi

Adware.Sogou może utworzyć następujący katalog lub katalogi:

%PROGRAMFILES%\tools\update

%PROGRAMFILES(x86)%\tools\update

Raport z analizy

Informacje ogólne

Family Name:	Trojan.Sogou
Signature status:	Hash Mismatch

Known Samples

MD5: b06a18fd2f9acb3b3fc9f32b3ae2852a

SHA1: c59366ed5c8e1b47f64af03c870793104afba75d

Rozmiar pliku: 203.90 KB, 203904 bytes

MD5: 76a87cc9960bce8a5eca578d26cedb29

SHA1: b594dca4b75301d6e52033ffc7b49d1bdf626fe1

Rozmiar pliku: 9.52 MB, 9517720 bytes

MD5: a20348f065f642f03c1912fbf586196e

SHA1: b813f3e662fafe5fba9933d28a993bc39bde894e

SHA256: 8BB883C65FC0339FBE0BE370E3AA7D5102EEC6BC823609DDD90A9A590A03D7EB

Rozmiar pliku: 1.95 MB, 1946600 bytes

MD5: 70b868cb848faaccdd470676e5ea2536

SHA1: 693407e313df2e68904b6b88bd9e44899f2f5149

SHA256: E27068DEF6897F7AB202EA541560F717540AB9AD72C73C699D6A33C8CBDF8C00

Rozmiar pliku: 545.73 KB, 545728 bytes

MD5: ae39c7b386b372c9a1bf1ed57c3a360f

SHA1: fb99c99c5b159c1b6658d58a279c1b5d7f09fea9

SHA256: AC7D8ED76116F01904C812A416AD968A970D1F75BF66503679CD826C998080DF

Rozmiar pliku: 1.48 MB, 1480768 bytes

MD5: cbcc292ee264028646aac724d9b9c9a0

SHA1: d635e2aec646d1cf2355d7e05f70f8e9bc6f123f

SHA256: 7A23721779E84873A1EF9ADD789B754EEA00F90A180A4C831410C6F0339B26FF

Rozmiar pliku: 46.26 KB, 46264 bytes

MD5: ca78f15a4ca31fd56fb07893b80d0b8e

SHA1: 7df80c26b5eb291e0cb248503f379c2bfbbb7568

SHA256: 6B94735D4076F9CE930E8ED8995EEF85152AB553CDA03EA28297F854434E2121

Rozmiar pliku: 1.95 MB, 1946544 bytes

MD5: f352c6eae6613183221cf9d24fbad06c

SHA1: 097317ab43c15d67ae5a4b68ba083e8d8a68869c

SHA256: 9040FDF54B462797755A05BAFD378AF3AD38E28D663C80C2F873F48DBAD7F384

Rozmiar pliku: 470.12 KB, 470120 bytes

MD5: b6ab761a2941bcaadc23bcef8f7b4060

SHA1: 3dba655fd506fabab8ccd642d21a97d58934231c

SHA256: 267187B1247E5F4C4B9A76E57DEA47FC619DE444AA56EDA91CB731017235C5F7

Rozmiar pliku: 462.45 KB, 462448 bytes

MD5: 89403c88a438fd262b889ca8d84eb39a

SHA1: a83f23ff4fadbf1172d1d9061130613152e4990c

SHA256: 4CCEE1C442AF9D5759DA5FE62A82907602518BE29DCB9908A4E760371A47EA7B

Rozmiar pliku: 551.29 KB, 551288 bytes

MD5: e46759dd45ad2a419e22e879394d5187

SHA1: c425e4f20dd8c34047c13e9fa24adbd5ca4d4ed0

SHA256: 6D1517C9ABEBA196E1273A5015D1E539D663A0B4AAD28D52548516DB20A7B2CB

Rozmiar pliku: 1.95 MB, 1946584 bytes

MD5: b9f69d30bf1dcd784751c70f3183ac6a

SHA1: 5f1f561509374902c5630f4a1969f24335d13da7

SHA256: D469EC7B7D15C5792B41EC59104FC7555F04C31E2BF489CDB3E5C7E78B3B9479

Rozmiar pliku: 1.61 MB, 1612288 bytes

MD5: c25b2a407eeec50bf55fd0ada0e091e3

SHA1: fe594cf2a0e0a75f13451467ec01f6fc9f1ba991

SHA256: AFBAE459621D8D1FE7EF21FD5394B5FD286C1AA29643BD8DD5C0BCCDBBE25B8E

Rozmiar pliku: 579.69 KB, 579688 bytes

MD5: 6bbf07a9c75e0be6dab3b846542a98c1

SHA1: 3a4fb56e9bdd4e2269fc7d2bf8fd0acce8866651

SHA256: 2D80D0B1D139B8533257CCC02D887D5755ADB93E2C368CCD02C58648C422D7FF

Rozmiar pliku: 1.95 MB, 1946544 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Imię	Wartość
Company Name	Sogou.com Inc.
File Description	搜狗上网中心搜狗下载器搜狗五笔输入法工具搜狗拼音输入法勋章推荐搜狗拼音输入法安装工具搜狗拼音输入法崩溃反馈搜狗拼音输入法更新工具搜狗拼音输入法网络更新程序搜狗输入法云计算代理
File Version	11.8.0.5496 7.9.0.7428 7.8.0.7199 7.2.0.2893 6.7.0.0329 6.2.0.0000 5.5.0.2584 3.4.0.2308 3.1.0.1972 1.0.0.39 Show More 1.0.0.0017
Internal Name	SogouPY SogouPY CrashRpt SogouPY Install.exe SogouPY SGMedalLoader SogouPY sgutil SogouPY SogouCloud SogouWB SogouWP
Legal Copyright	(C)2012 Sogou.com Inc. All rights reserved. © 2013 Sogou.com Inc. All rights reserved. © 2014 Sogou.com Inc. All rights reserved. © 2015 Sogou.com Inc. All rights reserved. © 2016 Sogou.com Inc. All rights reserved. © 2020 Sogou.com Inc. All rights reserved. © 2022 Sogou.com Inc. All rights reserved. © 2023 Sogou.com Inc. All rights reserved. © Sogou.com Inc. All rights reserved.
Original Filename	CrashRpt.exe Install.exe SGBrowserSurf.exe SGDownload.exe SGMedalLoader.exe sgutil.dll sogouCloud.exe SogouWB.ime
Product Name	搜狗上网中心搜狗下载器搜狗五笔输入法搜狗拼音输入法搜狗输入法
Product Version	11.8.0.5496 7.9.0.7428 7.8.0.7199 7.2.0.2893 6.7.0.0329 6.2.0.0000 5.5.0.2584 3.4.0.2308 3.1.0.1972 1.0.0.39 Show More 1.0.0.0017

Digital Signatures

Signer	Root	Status
Sogou.com	Class 3 Public Primary Certification Authority	Root Not Trusted
Beijing Sogou Technology Development Co., Ltd.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Sogou.com	Symantec Class 3 SHA256 Code Signing CA	Self Signed
Beijing Sogou Technology Development Co., Ltd.	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Sogou.com	VeriSign Class 3 Code Signing 2010 CA	Self Signed

File Traits

HighEntropy
Installer Version
x64
x86

Block Information

Total Blocks:	5,138
Potentially Malicious Blocks:	18
Whitelisted Blocks:	4,042
Unknown Blocks:	1,078

Visual Map

0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? 0 ? 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? 0 0 ? 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? 0 0 ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 0 ? 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? 0 0 0 0 0 ? ? 0 0 ? ? 0 0 0 0 0 0 0 ? 0 ? ? ? 0 0 0 0 ? 1 ? ? ? ? ? ? 0 0 0 0 0 ? ? 0 ? ? ? ? 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? 0 0 ? 0 ? 0 ? ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? 0 0 0 0 0 ? 0 0 ? 0 0 0 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? 0 ? 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 ? x ? ? ? ? 0 0 ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 ? ? 0 ? 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? ? ? 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? ? ? 0 0 ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 0 ? ? ? 0 ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? 0 ? ? ? 0 ? 0 0 0 0 ? ? 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? 0 0 ? 0 ? 0 1 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 ? ? 0 ? 0 0 ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 ? 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? x 0 0 ? x 0 ? ? x x ? x ? x x 0 0 0 0 ? 0 0 0 ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 1 0 2 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 3 1 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 2 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\sgdownloadpipenew2	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 786432

Registry Modifications

Key::Value	Dane	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	⠍ȁ⋡龡^Ū紘Çó獖}Ŵ⦘·Ŵ좟Êh,֢	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	꿤ȁ獖}	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort Show More ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateTimer ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimerEx ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtUserDisableThreadIme win32u.dll!NtUserGetImeInfoEx win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetKeyboardLayoutList win32u.dll!NtUserGetThreadState win32u.dll!NtUserMsgWaitForMultipleObjectsEx
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess ShellExecute
Anti Debug	NtQuerySystemInformation

Shell Command Execution


							open C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\SogouTSF.ime


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fb99c99c5b159c1b6658d58a279c1b5d7f09fea9_0001480768.,LiQMAxHB

Adware.Sogou

Karta wyników zagrożenia

Karta wyników zagrożeń EnigmaSoft

SpyHunter wykrywa i usuwa Adware.Sogou

Szczegóły systemu plików

Szczegóły rejestru

Katalogi

Raport z analizy

Informacje ogólne

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Prześlij komentarz

Popularne

Najczęściej oglądane