PUP.Bat2Exe.E

Analysis Report

General information

Family Name: PUP.Bat2Exe.E
Signature status: No Signature

Known Samples

MD5: 97415a689f3eba7c5e5d4a1ef685a2c2
SHA1: 61438a61911992dd0235b65dff9399640910870b
SHA256: 26228FBDC1DE6A9939B44327EC17EEA762D8047CE685CEB48012A6A7A59CAF83
File Size: 288.62 KB, 288615 bytes

MD5: 8b23c0a15ab85ef7b54efd4885ea29d7
SHA1: f70867a4d39a2c82bf4403fb2b0120a243bb850a
SHA256: 477E4B747460568649AAB5351139ABBFE6F0AAE29F0FA76642FFEA2503B573F7
File Size: 161.91 KB, 161910 bytes

MD5: 04b4f99c646a6383cef695bfb06f5e1e
SHA1: 2c5b6ed0fbad287d4a3a197edaa3d74e67c7c532
SHA256: 7DA8151D930E30B91705E6B3CC0F6AD766ED1F48662DD487E0FC646E00A60CA7
File Size: 146.94 KB, 146944 bytes

MD5: 0f894d6a30ce4e47d9db6491edb747c6
SHA1: 12f064ab8df870c33a9d0bc6b840fe4290ab38c2
SHA256: D3AD265F2CC34D89DDE0E0F4083599E411AC56158DFDD6D2E659DB22B58CC74A
File Size: 7.40 MB, 7395177 bytes

MD5: 7ffb7eda423f6f809707f44bfdd4db4e
SHA1: 40ae3ffd3bbe2b5c32542102ca0d27c697c1432a
SHA256: 4E329E2F2ACFA5431DE90BC8FCB0A995B41AA558458B148E5C8B1CB4AC36B958
File Size: 954.24 KB, 954236 bytes

MD5: dcd6d974b649e82e5cadbd1d872c6198
SHA1: 0a0ca33ca3df18dd72a22952b8a282236817d17e
SHA256: 708D31239E380FBC6014BDCF74DAF415D1B95CBB6C84D98287847ED96F28DAE8
File Size: 126.98 KB, 126976 bytes

MD5: d3f4327d16c80729574d6de4dc0fd42b
SHA1: 0eeae736bbe49f66014862a34a201711e9af7f40
SHA256: 3376C4ED9D1833FB487B46C47C98008362F76A1061B3A9CB249CAFA84911697B
File Size: 147.04 KB, 147038 bytes

MD5: 75dd7414154b4a541fa34e0553ff4018
SHA1: ffa08a22144473db594cbf27f1956b20af8b1600
SHA256: BC62572349BB35358F0F02924F2E90A3B555BC6C455BFFE6EC3D61F0A156B7C1
File Size: 156.35 KB, 156350 bytes

MD5: 9ec4db57e64be65e7728e6c65900250b
SHA1: 06a3ce31276312398472241100dd61831d2c9da4
SHA256: E500A30012C92DA88215E5EE7AC3AB3BB7E6788684FD27888807B02A737D1655
File Size: 150.03 KB, 150030 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Comments: CCZ2007
Company Name: DOOM
File Description: DOOM REG TOOL
File Version:
  • 1. 1. 1. 1
  • 1.00
  • 0.0.0.0
  • 0. 0.
Internal Name: TJprojMain
Original Filename: TJprojMain.exe
Product Name:
  • DOOM REG TOOL
  • Project1
Product Version:
  • 1.00
  • 0.0.0.0

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • packed
  • x86

Block Information

Total Blocks: 679
Potentially Malicious Blocks: 16
Whitelisted Blocks: 663
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 x x 0 0 0 x 0 x x x 0 0 0 0 x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.EDA
  • IEHelper.B
  • Lamer.CF
  • Stealer.BBA
  • Trojan.Downloader.Gen.M
  • Wapomi.F

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\program files (x86)\mythicsoft\agent ransack\agentransack.chm Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\agentransack.cnt Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\agentransack.exe Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\agentransack.hlp Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\arshellext.dll Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\file_id.diz Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\is-03vvj.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-3rf3e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-4crpf.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-4jpgn.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-e72uo.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-ecg7f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-jlaut.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-rkkef.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\is-rns5j.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\license.txt Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\readme.txt Synchronize,Write Data
c:\program files (x86)\mythicsoft\agent ransack\unins000.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\mythicsoft\agent ransack\unins000.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\bt3667.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bt3667.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\bt3713.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bt3713.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\bt5372.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bt5372.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\bt8745.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bt8745.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-9tqi7.tmp\is-rti9j.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-j9f4k.tmp\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2146359 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926968 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\agentran.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\agentran.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\axvlc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\axvlc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\datos.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\datos.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\browse Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\browse Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\footer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\footer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\input Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\input Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\main Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\main Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\mosaic Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\mosaic Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\playlist Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\playlist Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\sout Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\sout Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\vlm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\dialogs\vlm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\favicon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\favicon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\iehacks.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\iehacks.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\delete.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\delete.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\delete_small.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\delete_small.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\eject.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\eject.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\empty.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\empty.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\fullscreen.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\fullscreen.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\help.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\help.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\info.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\info.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\loop.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\loop.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\minus.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\minus.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\next.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\next.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\pause.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\pause.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\play.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\play.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\playlist.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\playlist.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\playlist_small.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\playlist_small.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\plus.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\plus.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\prev.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\prev.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\refresh.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\refresh.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\repeat.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\repeat.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\sd.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\sd.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\shuffle.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\shuffle.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_bar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_bar.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_left.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_left.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_point.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_point.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_right.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slider_right.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slow.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\slow.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\sort.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\sort.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\sout.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\sout.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\speaker.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\speaker.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\speaker_mute.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\speaker_mute.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\stop.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\stop.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\vlc16x16.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\vlc16x16.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\volume_down.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\volume_down.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\volume_up.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\volume_up.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\white.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\white.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\white_cross_small.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\images\white_cross_small.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\index.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\index.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\js\functions.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\js\functions.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\js\mosaic.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\js\mosaic.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\js\vlm.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\js\vlm.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\mosaic.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\mosaic.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\admin\browse.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\admin\browse.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\admin\dboxfiles.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\admin\dboxfiles.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\admin\index.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\admin\index.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\cone_minus.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\cone_minus.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\cone_plus.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\cone_plus.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\index.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\index.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\info.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\info.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\style.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\edit.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\edit.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\index.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\index.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\new.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\new.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\show.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\vlm\show.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\webcam.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\old\webcam.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\browse.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\browse.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\playlist.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\playlist.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\status.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\status.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\vlm.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\vlm.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\vlm_cmd.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\requests\vlm_cmd.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\style.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\vlm.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\vlm.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\vlm_export.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\http\vlm_export.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\install.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\install.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\locale\es\lc_messages\vlc.mo Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\locale\es\lc_messages\vlc.mo Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\nyr.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\nyr.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\bw.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\bw.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\esc.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\esc.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\fw.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\fw.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\next.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\next.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osdmenu\default\selected\play_pause.png Generic Write,Read Attributes

231 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data, not displayed) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data, not displayed) RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\app paths\agentransack.exe:: C:\Program Files (x86)\Mythicsoft\Agent Ransack\AgentRansack.EXE RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\app paths\agentransack.exe::path C:\Program Files (x86)\Mythicsoft\Agent Ransack RegNtPreCreateKey
HKCU\software\agent_exe:: RegNtPreCreateKey
HKLM\software\wow6432node\agent_exe:: RegNtPreCreateKey
HKLM\software\wow6432node\mythicsoft\agent ransack:: RegNtPreCreateKey
HKLM\software\classes\directory\shellex\contextmenuhandlers\agentransackhere:: {6646F704-1528-4B5C-BAB7-176FA4B5F80A}} RegNtPreCreateKey
HKLM\software\classes\drive\shellex\contextmenuhandlers\agentransackhere:: {6646F704-1528-4B5C-BAB7-176FA4B5F80A}} RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\findextensions\static\agentransackfind:: {6646F704-1528-4B5C-BAB7-176FA4B5F80A}} RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\findextensions\static\agentransackfind\0:: &Agent Ransack... RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\findextensions\static\agentransackfind\0\defaulticon:: C:\Program Files (x86)\Mythicsoft\Agent Ransack\arshellext.dll,1 RegNtPreCreateKey
HKLM\software\classes\agentransackshellext.agentran_shellext.1:: AgentRan_ShellExt Class RegNtPreCreateKey
HKLM\software\classes\agentransackshellext.agentran_shellext.1\clsid:: {6646F704-1528-4B5C-BAB7-176FA4B5F80A} RegNtPreCreateKey
HKLM\software\classes\agentransackshellext.agentran_shellext:: AgentRan_ShellExt Class RegNtPreCreateKey
HKLM\software\classes\agentransackshellext.agentran_shellext\clsid:: {6646F704-1528-4B5C-BAB7-176FA4B5F80A} RegNtPreCreateKey
HKLM\software\classes\agentransackshellext.agentran_shellext\curver:: AgentRansackShellExt.AgentRan_ShellExt.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6646f704-1528-4b5c-bab7-176fa4b5f80a}:: AgentRan_ShellExt Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6646f704-1528-4b5c-bab7-176fa4b5f80a}\progid:: AgentRansackShellExt.AgentRan_ShellExt.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6646f704-1528-4b5c-bab7-176fa4b5f80a}\versionindependentprogid:: AgentRansackShellExt.AgentRan_ShellExt RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6646f704-1528-4b5c-bab7-176fa4b5f80a}\inprocserver32:: C:\Program Files (x86)\Mythicsoft\Agent Ransack\arshellext.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6646f704-1528-4b5c-bab7-176fa4b5f80a}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6646f704-1528-4b5c-bab7-176fa4b5f80a}\typelib:: {9B4BB56E-2169-4539-8125-5056B41473BB} RegNtPreCreateKey
HKLM\software\classes\typelib\{9b4bb56e-2169-4539-8125-5056b41473bb}\1.0:: AgentRansackShellExt 1.0 Type Library RegNtPreCreateKey
HKLM\software\classes\typelib\{9b4bb56e-2169-4539-8125-5056b41473bb}\1.0\flags:: 0 RegNtPreCreateKey
HKLM\software\classes\typelib\{9b4bb56e-2169-4539-8125-5056b41473bb}\1.0\0\win32:: C:\Program Files (x86)\Mythicsoft\Agent Ransack\arshellext.dll RegNtPreCreateKey
HKLM\software\classes\typelib\{9b4bb56e-2169-4539-8125-5056b41473bb}\1.0\helpdir:: C:\Program Files (x86)\Mythicsoft\Agent Ransack\ RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}:: IAgentRan_ShellExt RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}\typelib:: {9B4BB56E-2169-4539-8125-5056B41473BB} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}:: IAgentRan_ShellExt RegNtPreCreateKey
HKLM\software\classes\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}\typelib:: {9B4BB56E-2169-4539-8125-5056B41473BB} RegNtPreCreateKey
HKLM\software\classes\interface\{d4030f3e-a18c-4464-a931-49e74f86ef57}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\agent ransack_is1::inno setup: setup version 4.1.8 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\agent ransack_is1::inno setup: app path C:\Program Files (x86)\Mythicsoft\Agent Ransack RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\agent ransack_is1::inno setup: icon group Agent Ransack RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\agent ransack_is1::inno setup: user Cdlqsjja RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\agent ransack_is1::displayname Agent Ransack Version 1.7.3 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\agent ransack_is1::uninstallstring "C:\Program Files (x86)\Mythicsoft\Agent Ransack\unins000.exe" RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data, not displayed) RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001 Windows Network Diagnostics RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Shell Command Execution

(NULL) C:\Users\Nzyodfvy\AppData\Local\Temp\RarSFX0\NYR.exe
cmd.exe /c C:\Users\Nzyodfvy\AppData\Local\Temp\bt3713.bat
WriteConsole:
WriteConsole: C:\Users\Nzyodfv
WriteConsole: DATOS.exe
WriteConsole: -y
C:\Users\Nzyodfvy\AppData\Local\Temp\RarSFX0\DATOS.exe DATOS.exe -y
(NULL) C:\Users\Cdlqsjja\AppData\Local\Temp\RarSFX0\install.exe
cmd.exe /c C:\Users\Cdlqsjja\AppData\Local\Temp\bt5372.bat
WriteConsole: C:\Users\Cdlqsjj
WriteConsole: START
WriteConsole: /WAIT agentran.
C:\Users\Cdlqsjja\AppData\Local\Temp\RarSFX0\agentran.exe agentran.exe /silent
"C:\Users\Cdlqsjja\AppData\Local\Temp\is-9TQI7.tmp\is-RTI9J.tmp" /SL4 $5031E C:\Users\Cdlqsjja\AppData\Local\Temp\RarSFX0\agentran.exe 599903 50688 /silent
cmd.exe /c C:\Users\Aqiflwtf\AppData\Local\Temp\bt3667.bat
cmd.exe /c C:\Users\Banogcls\AppData\Local\Temp\bt8745.bat
C:\WINDOWS\system32\regedit.exe regedit /s TEMP.REG