PUP.2345.com

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	2,004
Threat Level:	10 % (Normal)
Infected Computers:	123,096

First Seen:	July 13, 2015
Last Seen:	March 15, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove PUP.2345.com

Registry Details

PUP.2345.com may create the following registry entry or registry entries:

File name without path

http_skin.ie.2345.com_0.localstorage

HKEY..\..\..\..{RegistryKeys}

Software\2345.com

Software\2345Explorer

SOFTWARE\2345Pic

SOFTWARE\Classes\.htm\OpenWithProgIds\2345ExplorerHTML

SOFTWARE\Classes\.html\OpenWithProgIds\2345ExplorerHTML

SOFTWARE\Classes\.shtml\OpenWithProgids\2345ExplorerHTML

SOFTWARE\Classes\.webp\OpenWithProgids\2345ExplorerHTML

SOFTWARE\Classes\.xht\OpenWithProgIds\2345ExplorerHTML

SOFTWARE\Classes\.xhtml\OpenWithProgIds\2345ExplorerHTML

SOFTWARE\Classes\2345ExplorerHTML

SOFTWARE\Classes\Applications\2345Explorer.exe

Software\Classes\http\shell\2345Explorer

Software\Classes\https\shell\2345Explorer

SOFTWARE\Clients\StartMenuInternet\2345Explorer

SOFTWARE\Clients\StartMenuInternet\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_REQUIRE_VALID_MAILTO_APP_PPROTOCOL_REGISTRATION_KB941193\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\2345Explorer.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WEBOC_OMNAVIGATOR_IMPLEMENTATION\2345Explorer.exe

SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\2345Explorer.exe

SOFTWARE\Microsoft\Tracing\2345Explorer_RASAPI32

SOFTWARE\Microsoft\Tracing\2345Explorer_RASMANCS

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\2345Explorer.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\2345PicViewer.exe

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids\2345Pic.bmp

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids\2345Pic.dib

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids\2345Pic.emf

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids\2345Pic.gif

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids\2345Pic.ico

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids\2345Pic.jfif

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids\2345Pic.jpe

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids\2345Pic.jpeg

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids\2345Pic.jpg

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids\2345Pic.png

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids\2345Pic.tif

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids\2345Pic.tiff

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids\2345Pic.wdp

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids\2345Pic.wmf

SOFTWARE\RegisteredApplications\2345Explorer

SOFTWARE\Wow6432Node\2345Explorer

SOFTWARE\Wow6432Node\2345Pic

SOFTWARE\Wow6432Node\Clients\StartMenuInternet\2345Explorer

SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\2345Explorer.exe

SOFTWARE\Wow6432Node\Microsoft\Tracing\2345Explorer_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\2345Explorer_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\2345Explorer.exe

SOFTWARE\Wow6432Node\RegisteredApplications\2345Explorer

SYSTEM\ControlSet001\services\Protect_2345Explorer

SYSTEM\CurrentControlSet\services\Protect_2345Explorer

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

2345Explorer

2345Pic

Directories

PUP.2345.com may create the following directory or directories:

%APPDATA%\2345Explorer

%APPDATA%\2345Pic

%APPDATA%\Shield_2345Explorer

%LOCALAPPDATA%\2345Explorer

%PROGRAMFILES%\2345Soft\2345Explorer

%PROGRAMFILES%\2345Soft\2345Pic

%PROGRAMFILES(x86)%\2345Soft\2345Explorer

%PROGRAMFILES(x86)%\2345Soft\2345Pic

%TEMP%\2345Explorer

%appdata%\softmgr_2345

Analysis Report

General information

Family Name:	PUP.2345.com
Signature status:	Modified signature

Known Samples

MD5: 8bbc9928aa2e6bcc3fbcbc1a445fa0d7

SHA1: d226a5ea3aa41c628cff31297b7b60a1175f2797

File Size: 2.53 MB, 2530072 bytes

MD5: f2d1d09971f8fad5922d5de4c7567332

SHA1: 941f2ef8ae5ea83d0faacaa77f72db02eb7b0b31

File Size: 5.26 MB, 5264680 bytes

MD5: 473a984cd9306bf095ac67cc7fab375b

SHA1: 6a77f3fd80f2b465636bb74aeb1c0687a966bd02

SHA256: 7348543EE8299A5C09B455B0C30232332F641792738A863E7BAB70C9640C255E

File Size: 4.55 MB, 4552896 bytes

MD5: da97896ce72ad9e8d327d2c2a8f4f3b5

SHA1: 4c684e5c848233b0deb2de0dd33b891955f2d330

SHA256: 74FB5F6D3B30FF33077B6A6D92FF6F873C2ECDFDDA163A27EED75365003CE023

File Size: 1.14 MB, 1142488 bytes

MD5: 8e7871ad233b88745ada7a1763c1c581

SHA1: 81762b51fb2676f6b53d69e0c5b0d744fb4575df

SHA256: 3BD4EB43419FF7B65B9F28351D3357E0033EBE229EC629056A9AD7777AA897CD

File Size: 210.62 KB, 210616 bytes

MD5: 7ff366f5f7982e21084d085df2650d6b

SHA1: f1e4015789afa7b457d3f6e757113b2da8718fe0

SHA256: CE47AA057441008315AFD445F9BD355CD943A8BD602EB8952912590C33B3ECB5

File Size: 5.26 MB, 5264568 bytes

MD5: 5e61087e84607131582313cbbd3853ec

SHA1: 131a278d8a1e276e654f1a53ddebaae6e0396ac1

SHA256: D8DBD1E1ED43614C2336A23D1CD39AC78511CBD8406516EA01DC2475702CD844

File Size: 4.13 MB, 4132568 bytes

MD5: 48f468f8a2531e997ab50e9c2834ad39

SHA1: f96f13b3f4e592cd3b7e046f64bbd3c6fc3ccc48

SHA256: F91F89B463074E028B8D0F851A24DF6DDF5EC5971418423073E09C3CB8C5D0C1

File Size: 2.96 MB, 2957624 bytes

MD5: 5e9792de539a74f1f2b99c14411676ca

SHA1: 4e54a50e80ef48a515a43c5467da73c21208c4a9

SHA256: 82F76D0C8A1C02CDD011E5A09453C59C35FBD878D742950D159BC41E3ED26113

File Size: 2.53 MB, 2530200 bytes

MD5: 38dab1f94d4de2bf0d461cee5f0adf44

SHA1: a88be403dbe227cdd99a84c0945565687a369596

SHA256: 092E1E86171486724DC034344B28FD99FE9CEFAD5B8FECE9A381B16A4B060354

File Size: 1.19 MB, 1190296 bytes

MD5: 6c1956c5256732581acc4c68301910a0

SHA1: 5800ba5410db37b0497d948fcb946bbc9abac497

SHA256: 98A2C2B1C245DC3F0484225289211F4BFFCD91FF27B87F78C4B37A2947967BCC

File Size: 210.74 KB, 210736 bytes

MD5: 876dfb723199b071b11f333cc51b5f5a

SHA1: 1d1cb51e2a334cd74a02d94d2adc76051ece7149

SHA256: 4E5A6D9F8AC7FEBFC949F4669DF4D51C6461068BDA26841B4A4E240D087AADC1

File Size: 2.53 MB, 2530200 bytes

MD5: 9da400b213a462fa77ed0694a9db8e40

SHA1: 4d7e6e710e7309f8c6c4f0c9c9c9dc6bc2424fe8

SHA256: BC9865BEA3BF1BF4F8549C4D6FC4B87EB7FF9F5CBEA4742789AE47D4F45A43A9

File Size: 1.97 MB, 1966080 bytes

MD5: f819428ce3071815353b6327e4c9c131

SHA1: 7886d54707f9402edd7b2826cdbe2f1f7196f577

SHA256: A9A925943B2786B728561C7F57D6039A64FE6B07A6A2418C77ACF585D6AAC5BD

File Size: 1.19 MB, 1190296 bytes

MD5: bf0514afc9743041b4e5cd11a75916f8

SHA1: 89a7bb0649f37563454ec941d9bf6b9c9a97b035

SHA256: 4851687900F8A94FA161106E53EA72064FEBE2363FF4D2D51BDC548B9CC88A24

File Size: 2.53 MB, 2530200 bytes

MD5: 9ebec41415ca018d9364ac5b7f2ec72f

SHA1: 4c4fcb87d5a7284f9ba575f5fd18bdb0a2350df3

SHA256: A84DDEE469C5C6343FA5A89BBB519F4F2FB02AA165D32F93DCE824065749E623

File Size: 1.80 MB, 1801000 bytes

MD5: ecda0fc4586e6083e6f005d4e6a9d560

SHA1: 8096da9e8d0b1d7f10150646795948435fcc4872

SHA256: 1EB0FEE3CAA50B879FE61B556474FC19E14C230E912027949FF2A960E7ED50EC

File Size: 5.26 MB, 5264680 bytes

MD5: c4881d293f7ffb57ee137ac748de3cd2

SHA1: 0a1dd18cb3da3e99310016edaa2b1f7dd25c8278

SHA256: 43E366CCC26C01EEA675AF6BC5925B7718450623507CEBE565F1BDED115C4FC0

File Size: 210.73 KB, 210728 bytes

MD5: b4ba6fa86c0428262e868fcac7f29814

SHA1: 713c901210251a996de387b590c930fd69702c5d

SHA256: BFBC2BA96C7678959675C2CBAE9C14D211CD448D9AA3C566F5D69C59C0E6C7B3

File Size: 1.51 MB, 1513944 bytes

MD5: 1a85fb39bcd81fb7af3b20a182e1e31e

SHA1: 7f975dc5c4bdcd95f672b5cca30536584130b6a5

SHA256: 78C377702183982A9BAE6B9BE2796CE04A25587B09CCFB0FDC31D4AE188AD15D

File Size: 530.73 KB, 530728 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	2345.com 2345桌面快捷方式安装程序 2345看图王 v11.5 http://www.2345.com pic.2345.cc pinyin.2345.cc 好压万能压缩 v1.1
Company Name	2345.cc 2345移动科技上海二三四五网络科技股份有限公司
File Description	2345安全卫士在线安装程序 2345桌面快捷方式安装程序 2345王牌拼音输入法 2345看图王-Windows扩展模块 2345看图王 v11.5 安装程序 DirectUI界面库加速浏览器服务程序好压万能压缩 v1.1 安装程序安全中心-2345服务程序安全卫士-2345服务程序 Show More 看图服务程序输入法服务程序输入法辅助模块
File Version	13.4.0.12514 11.5.0.11638 8.28.1.13261 8.27.0.14684 8.26.0.13202 8.25.1.14680 8.25.1.13186 8.21.0.13106 8.8.1.14353 7.9.1.8335 Show More 6.0.0.2943 6.0.0.350 2.9.0.10571 2.8.0.10552 2.7.0.10529 2.6.0.10483 1.4.0.13688 1.1.0.263
Internal Name	2345DirectUI 2345Pinyin 2345SafeCenterSvc 2345SafeSvc 2345桌面快捷方式安装程序 AssistPinyinMain BrowserService PicExt PicService PinyinService
Legal Copyright	Copyright (C) 2018, 2345移动科技版权所有 (C), 2345移动科技版权所有(c) 2020, 2345移动科技版权所有 (C) 2020, 2345移动科技版权所有 (C) 2021, 2345移动科技版权所有 (C) 2023, 2345移动科技版权所有 (c) 2023，2345.cc 版权所有（C）上海二三四五网络科技股份有限公司
Original Filename	2345.com.exe 2345DirectUI 2345Pinyin.ime 2345SafeCenterSvc.exe 2345SafeSvc.exe AssistPinyinMain.dll BrowserService.exe PicExt.dll PicService.exe PinyinService.exe
Private Build	0 0 0 0 1 0 831181 0 0 0 1 udg= ueO45sC5vdg= 0 0 0 1 0 0 0 1 1 1 100188 0 0 0 1 udg= ueO45sC5vdg= 0 1 1 1 0 0 0 1 1 1 829081 0 0 0 1 udg= ueO45sC5vdg= 0 1 0 0 sLLXsM3qs8m688GivLS/qsb0ueO45rfAu6S5psTco6E= 1 0 1 100170 0 1 0 0 udg= ueO45sC5vdg= 0 1 1 1
Product Name	2345DirectUI 2345安全卫士 2345安全卫士中心 2345安全卫士在线安装程序 2345桌面快捷方式安装程序 2345王牌输入法 2345看图王加速浏览器服务程序好压万能压缩看图服务程序 Show More 输入法服务程序输入法辅助模块
Product Version	13.4 11.5.0.11638 8.28.1 8.27.0 8.26.0 8.25.1 8.21.0 8.8.1.14353 7.9 6.0.0.2943 Show More 6.0.0.350 2.9.0.10571 2.8.0.10552 2.7.0.10529 2.6.0.10483 1.4.0.13688 1.1.0.263
Special Build	000000 000010

Digital Signatures

Signer	Root	Status
Shanghai 2345 Mobile Technology Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Shanghai 2345 Mobile Technology Co., Ltd.	DigiCert Trusted Root G4	Root Not Trusted

Block Information

Total Blocks:	1,697
Potentially Malicious Blocks:	113
Whitelisted Blocks:	1,395
Unknown Blocks:	189

Visual Map

0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? 0 0 0 0 0 x x x ? 0 ? ? 0 ? ? ? 0 ? 0 ? ? ? 0 0 0 0 0 ? ? x ? 0 0 0 0 0 0 0 0 0 x 0 ? ? x x x x x 0 ? x ? 0 x x 0 0 x 0 x 0 x x 0 0 0 x ? 0 ? x x 0 ? 0 ? ? x ? x ? x 0 0 0 x ? x ? 0 x x 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 0 x 0 x x 0 0 0 0 ? 0 x ? 0 x 0 x x ? x x x ? x x ? x ? x 0 0 ? ? ? ? ? ? ? ? ? ? x 0 0 0 0 ? ? ? x ? 0 0 ? x ? ? x x x x x x x x x x x 0 x ? ? ? 0 x x ? ? ? 0 ? x 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? x ? x x ? 0 0 0 ? 0 0 0 x x ? ? x x ? ? ? x x 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 ? ? 0 0 ? ? ? x ? 0 ? x 0 0 0 0 0 x x 0 x 0 0 x ? x 0 x 0 x 0 ? ? x ? 0 x ? 0 ? x x 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 x ? x x x x x 0 ? ? ? ? ? ? x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? 0 x 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? x x ? x x ? 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 1 1 1 1 0 1 1 1 1 0 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 2 0 2 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 2 2 0 0 1 1 0 0 0 1 0 0 0 ? ? 0 0 ? ? 0 0 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? ? 0 ? ? 0 0 0 0 x 0 ? 0 0 ? 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\0020bc10_rar\713c901210251a996de387b590c930fd69702c5d_0001513944	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\0020bc10_rar\713c901210251a996de387b590c930fd69702c5d_0001513944	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\nse3909.tmp\fileinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse3909.tmp\rcwidgetpluginuninstall.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi37ee.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nso38f8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe.p	Generic Write,Read Attributes

c:\users\user\appdata\roaming\2345.com\713c901210251a996de387b590c930fd69702c5d_0001513944	Generic Write,Read Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lgbqyhzy\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\users\lgbqyhzy\appdata\local\temp\~nsua.tmp\un_a.exe	好压万能压缩 v1.1 安装程序	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lgbqyhzy\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Lgbqyhzy\AppData\Local\Temp\~nsuA.tmp\Un_A.exe.p	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lgbqyhzy\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Lgbqyhzy\AppData\Local\Temp\~nsuA.tmp\Un_A.exe.p\??\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ơ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://www.syattus.com.br/images/logo.gifhttp://zanzoul.aya.c	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	賘蜭	RegNtPreCreateKey
HKCU\software\apcr::u2_0	◊	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKCU\software\apcr::u1_1	껥	RegNtPreCreateKey
HKCU\software\apcr::u2_1	嚿牥	RegNtPreCreateKey
HKCU\software\apcr::u3_1	ᥜ獦	RegNtPreCreateKey
HKCU\software\apcr::u4_1	獵牥	RegNtPreCreateKey

Windows API Usage

Category	API
Service Control	StartServiceCtrlDispatcher
Network Wininet	InternetConnect InternetOpen
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Network Winhttp	WinHttpOpen
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory Show More ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess ShellExecuteEx
User Data Access	GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6a77f3fd80f2b465636bb74aeb1c0687a966bd02_0004552896.,LiQMAxHB


							"C:\Users\Lgbqyhzy\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f96f13b3f4e592cd3b7e046f64bbd3c6fc3ccc48_0002957624.,LiQMAxHB


							runas C:\Users\Wnjfhgyf\appdata\Roaming\2345.com\713c901210251a996de387b590c930fd69702c5d_0001513944 install_admin


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7f975dc5c4bdcd95f672b5cca30536584130b6a5_0000530728.,LiQMAxHB

PUP.2345.com

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove PUP.2345.com

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed