Multi-License Discount Quote

Change Region

English
Threat Database Cracks PUP.Crack.BC

PUP.Crack.BC

By CagedTech in Cracks, Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Crack.BC
Signature status: No Signature

Known Samples

MD5: 24f910dee205820e79018dd323fa3703
SHA1: d28b211bc0c40e50fb81ec1f029efa710ce19fca
File Size: 6.43 MB, 6431457 bytes
MD5: 32a31431dbfdceea6ae480baf5bd64ff
SHA1: 12750e150e08096bdb651f5a56bfbd1fe6162cfa
SHA256: D55A6ECEAECD63C84C880924C0F089EEF785E0FE6D6F77110775D7462CE8C745
File Size: 6.49 MB, 6485914 bytes
MD5: 99e7c9516544d039553a0a922f80426c
SHA1: 515f82e92693ac379bfc18f89dfa7e83420e0cb0
SHA256: 2FBDD2E8E977BF4E83EA768563EFFC53A105C6A4B0BDC17C06CD63E9133F7335
File Size: 3.76 MB, 3763462 bytes
MD5: 47244c297d36e7db57dc493789127dfd
SHA1: 930706b9743390c39c0f5fd6d7481b8aca5eb312
SHA256: BECEC89EFD1C49207EAB74BD56EFCD71E9BE1A7BE6CA5A0FCE74A8AD0197BA70
File Size: 5.78 MB, 5783973 bytes
MD5: d949bbe3e042906c1eea2793ec6e4ae2
SHA1: 28792a84e264bab5b15ade0957abc67363934ec4
SHA256: 8EABB9EE62AB60650D2A21D645034D021A14D8B91477894D648F3C19D3234473
File Size: 6.48 MB, 6480963 bytes
Show More
MD5: 4e8cd13141289525df81a2166350afc0
SHA1: ccfbc5c0250b8ad3ed7310d95fe4516107f2cd74
SHA256: 7BB8326604BE591A587B83FA12166D50BB2D419278843B5723A02C72602BB033
File Size: 3.76 MB, 3758338 bytes
MD5: 8be43019d9e025381fab03e17d8b89c7
SHA1: 47c20cc64a021f1aede01a8048a490b0cba8fef1
SHA256: B8B441E6BED5A4F10A6DB71E6F03699E0F0020D293015DEE98640008996F2B21
File Size: 6.10 MB, 6101627 bytes
MD5: 1174eb8e392f33fa68b6eb88aa09f470
SHA1: 30fce39cc6560901299f6ea1d9ec53785ea4cf5c
SHA256: 9620A613F181485D2FF68ED9E375825CBE447882222B10F753ABAE24F9A0004F
File Size: 14.34 KB, 14336 bytes
MD5: b57aba9d52777a81c3d26c126543c2e9
SHA1: caeee38d7f29011d39ba43f98247d037b19f767f
SHA256: 1B3DDD0C56707A6F9F87273232D9A58D58526F4D66FD29DEAE462B99B553CC06
File Size: 6.38 MB, 6380559 bytes
MD5: 05c26554d40a292f1118d4b87510c9a4
SHA1: 3294c2fbd2ba40b62024e37ae7f0b692bfc51e55
SHA256: FD4B8F0AD90CF9B561936202F4CBBF3495B4ADE39F917FBCE45453866F36F986
File Size: 6.45 MB, 6449066 bytes
MD5: c1efa18aca77e70a064a73f86653944c
SHA1: 525c0acb43303b3bc28606224f99000f2d4a6e4a
SHA256: FAC563D8015C5519E31DB6B25E09A26FA0D1C34DB8178F1DC824C0AF76CEE121
File Size: 4.39 MB, 4391063 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • SolidShare.Net Unattended Installer
  • This installation was built with Inno Setup.
Company Name
  • LR
  • lrepacks.net
  • Microsoft
  • Microsoft Corporation
  • SolidShare
  • www.startisback.com
File Description
  • GDIEXT Client DLL
  • SolidShare.Net Unattended Installer
  • StartAllBack v3.9.14
  • StartAllBack v3.9.19
  • StartBack Setup
File Version
  • 30.06.20.24
  • 6.3.9600.17415 (winblue_r4.141028-1500)
  • 3.9.19.0
  • 3.9.14.0
  • 1.00
  • 1.0.127.0
  • 1.0.125.0
  • 1.0.117.3.0
  • 1.0.96.0
  • 1.0.93.0
Show More
  • 1.0.55.0
Internal Name
  • gdiext
  • Win
Legal Copyright
  • Copyright 2007-2022 LRepacks
  • Copyright 2007-2024 LRepacks
  • Copyright 2007-2025 LRepacks
  • © 2024 By KiNGHaZe
  • © Microsoft Corporation. All rights reserved.
  • © www.startisback.com
Original Filename
  • gdiext
  • Win.exe
Product Name
  • Microsoft® Windows® Operating System
  • StartAllBack v3.9.14
  • StartAllBack v3.9.19
  • StartBack
  • StartIsBack AIO
  • Win
Product Version
  • 30.06.20.24
  • 6.3.9600.17415
  • 1.00
  • 1.0.127
  • 1.0.125
  • 1.0.117.3
  • 1.0.96
  • 1.0.93
  • 1.0.55

File Traits

  • 2+ executable sections
  • dll
  • WriteProcessMemory
  • x86

Block Information

Similar Families

  • Chapak.U
  • Crack.BC

Files Modified

File Attributes
c:\kinghaze\kur.exe Generic Write,Read Attributes
c:\kinghaze\kur.exe Synchronize,Write Attributes
c:\kinghaze\w10_1 Synchronize,Write Attributes
c:\kinghaze\w10_1\orbs Synchronize,Write Attributes
c:\kinghaze\w10_1\orbs\shamrock.orb Generic Write,Read Attributes
c:\kinghaze\w10_1\orbs\shamrock.orb Synchronize,Write Attributes
c:\kinghaze\w10_1\orbs\start3.bmp Generic Write,Read Attributes
c:\kinghaze\w10_1\orbs\start3.bmp Synchronize,Write Attributes
c:\kinghaze\w10_1\orbs\startisback_ei8htorb_v2_by_painter.bmp Generic Write,Read Attributes
c:\kinghaze\w10_1\orbs\startisback_ei8htorb_v2_by_painter.bmp Synchronize,Write Attributes
Show More
c:\kinghaze\w10_1\orbs\windows 7.orb Generic Write,Read Attributes
c:\kinghaze\w10_1\orbs\windows 7.orb Synchronize,Write Attributes
c:\kinghaze\w10_1\startisback32.dll Generic Write,Read Attributes
c:\kinghaze\w10_1\startisback32.dll Synchronize,Write Attributes
c:\kinghaze\w10_1\startisback64.dll Generic Write,Read Attributes
c:\kinghaze\w10_1\startisback64.dll Synchronize,Write Attributes
c:\kinghaze\w10_1\startisbackcfg.exe Generic Write,Read Attributes
c:\kinghaze\w10_1\startisbackcfg.exe Synchronize,Write Attributes
c:\kinghaze\w10_1\startscreen.exe Generic Write,Read Attributes
c:\kinghaze\w10_1\startscreen.exe Synchronize,Write Attributes
c:\kinghaze\w10_1\styles Synchronize,Write Attributes
c:\kinghaze\w10_1\styles\plain10.msstyles Generic Write,Read Attributes
c:\kinghaze\w10_1\styles\plain10.msstyles Synchronize,Write Attributes
c:\kinghaze\w10_1\styles\plain8.msstyles Generic Write,Read Attributes
c:\kinghaze\w10_1\styles\plain8.msstyles Synchronize,Write Attributes
c:\kinghaze\w10_1\styles\windows 7.msstyles Generic Write,Read Attributes
c:\kinghaze\w10_1\styles\windows 7.msstyles Synchronize,Write Attributes
c:\kinghaze\w10_1\updatecheck.exe Generic Write,Read Attributes
c:\kinghaze\w10_1\updatecheck.exe Synchronize,Write Attributes
c:\kinghaze\w10_2 Synchronize,Write Attributes
c:\kinghaze\w10_2\orbs Synchronize,Write Attributes
c:\kinghaze\w10_2\orbs\shamrock.orb Generic Write,Read Attributes
c:\kinghaze\w10_2\orbs\shamrock.orb Synchronize,Write Attributes
c:\kinghaze\w10_2\orbs\startisback_ei8htorb_v2_by_painter.bmp Generic Write,Read Attributes
c:\kinghaze\w10_2\orbs\startisback_ei8htorb_v2_by_painter.bmp Synchronize,Write Attributes
c:\kinghaze\w10_2\orbs\windows 7.orb Generic Write,Read Attributes
c:\kinghaze\w10_2\orbs\windows 7.orb Synchronize,Write Attributes
c:\kinghaze\w10_2\startisback32.dll Generic Write,Read Attributes
c:\kinghaze\w10_2\startisback32.dll Synchronize,Write Attributes
c:\kinghaze\w10_2\startisback64.dll Generic Write,Read Attributes
c:\kinghaze\w10_2\startisback64.dll Synchronize,Write Attributes
c:\kinghaze\w10_2\startisbackcfg.exe Generic Write,Read Attributes
c:\kinghaze\w10_2\startisbackcfg.exe Synchronize,Write Attributes
c:\kinghaze\w10_2\startscreen.exe Generic Write,Read Attributes
c:\kinghaze\w10_2\startscreen.exe Synchronize,Write Attributes
c:\kinghaze\w10_2\styles Synchronize,Write Attributes
c:\kinghaze\w10_2\styles\plain10.msstyles Generic Write,Read Attributes
c:\kinghaze\w10_2\styles\plain10.msstyles Synchronize,Write Attributes
c:\kinghaze\w10_2\styles\plain8.msstyles Generic Write,Read Attributes
c:\kinghaze\w10_2\styles\plain8.msstyles Synchronize,Write Attributes
c:\kinghaze\w10_2\styles\windows 7.msstyles Generic Write,Read Attributes
c:\kinghaze\w10_2\styles\windows 7.msstyles Synchronize,Write Attributes
c:\kinghaze\w10_2\updatecheck.exe Generic Write,Read Attributes
c:\kinghaze\w10_2\updatecheck.exe Synchronize,Write Attributes
c:\kinghaze\w11 Synchronize,Write Attributes
c:\kinghaze\w11\darkmagicloaderx64.exe Generic Write,Read Attributes
c:\kinghaze\w11\darkmagicloaderx64.exe Synchronize,Write Attributes
c:\kinghaze\w11\darkmagicloaderx86.exe Generic Write,Read Attributes
c:\kinghaze\w11\darkmagicloaderx86.exe Synchronize,Write Attributes
c:\kinghaze\w11\darkmagicx64.dll Generic Write,Read Attributes
c:\kinghaze\w11\darkmagicx64.dll Synchronize,Write Attributes
c:\kinghaze\w11\darkmagicx86.dll Generic Write,Read Attributes
c:\kinghaze\w11\darkmagicx86.dll Synchronize,Write Attributes
c:\kinghaze\w11\orbs Synchronize,Write Attributes
c:\kinghaze\w11\orbs\clover.svg Generic Write,Read Attributes
c:\kinghaze\w11\orbs\clover.svg Synchronize,Write Attributes
c:\kinghaze\w11\orbs\e1evenorb-pr.png Generic Write,Read Attributes
c:\kinghaze\w11\orbs\e1evenorb-pr.png Synchronize,Write Attributes
c:\kinghaze\w11\orbs\w8logo.svg Generic Write,Read Attributes
c:\kinghaze\w11\orbs\w8logo.svg Synchronize,Write Attributes
c:\kinghaze\w11\orbs\windows 7.orb Generic Write,Read Attributes
c:\kinghaze\w11\orbs\windows 7.orb Synchronize,Write Attributes
c:\kinghaze\w11\ribbon Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\accessmedia.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\accessmedia.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\easyaccess.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\easyaccess.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.addremoveprograms.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.addremoveprograms.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.computer.manage.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.computer.manage.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.copytomenu.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.copytomenu.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.folderoptions.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.folderoptions.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.help.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.help.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.hideselected.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.hideselected.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.layout.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.layout.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.movetomenu.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.movetomenu.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.multiverb.cmd.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.multiverb.cmd.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.multiverb.cmdpromptasadministrator.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.multiverb.cmdpromptasadministrator.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.open.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.open.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.opencontrolpanel.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.opencontrolpanel.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.pastelink.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.pastelink.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.removeproperties.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.removeproperties.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.ribbonpermissionsdialog.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.ribbonpermissionsdialog.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.shareprivate.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.shareprivate.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.slideshow.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.slideshow.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.systemproperties.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.systemproperties.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.troubleshoot.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-dark\windows.troubleshoot.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\accessmedia.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\accessmedia.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\easyaccess.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\easyaccess.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.addremoveprograms.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.addremoveprograms.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.computer.manage.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.computer.manage.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.copytomenu.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.copytomenu.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.edit.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.edit.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.email.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.email.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.folderoptions.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.folderoptions.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.help.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.help.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.hideselected.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.hideselected.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.layout.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.layout.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.movetomenu.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.movetomenu.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.multiverb.cmd.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.multiverb.cmd.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.multiverb.cmdpromptasadministrator.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.multiverb.cmdpromptasadministrator.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.open.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.open.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.opencontrolpanel.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.opencontrolpanel.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.pastelink.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.pastelink.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.removeproperties.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.removeproperties.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.ribbonpermissionsdialog.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.ribbonpermissionsdialog.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.shareprivate.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.shareprivate.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.slideshow.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.slideshow.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.systemproperties.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.systemproperties.svg Synchronize,Write Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.troubleshoot.svg Generic Write,Read Attributes
c:\kinghaze\w11\ribbon\theme-light\windows.troubleshoot.svg Synchronize,Write Attributes
c:\kinghaze\w11\startallbacka64.dll Generic Write,Read Attributes
c:\kinghaze\w11\startallbacka64.dll Synchronize,Write Attributes
c:\kinghaze\w11\startallbackcfg.exe Generic Write,Read Attributes
c:\kinghaze\w11\startallbackcfg.exe Synchronize,Write Attributes
c:\kinghaze\w11\startallbackloaderx64.dll Generic Write,Read Attributes
c:\kinghaze\w11\startallbackloaderx64.dll Synchronize,Write Attributes
c:\kinghaze\w11\startallbackx64.dll Generic Write,Read Attributes
c:\kinghaze\w11\startallbackx64.dll Synchronize,Write Attributes
c:\kinghaze\w11\styles Synchronize,Write Attributes
c:\kinghaze\w11\styles\plain8.msstyles Generic Write,Read Attributes
c:\kinghaze\w11\styles\plain8.msstyles Synchronize,Write Attributes
c:\kinghaze\w11\styles\windows 7.msstyles Generic Write,Read Attributes
c:\kinghaze\w11\styles\windows 7.msstyles Synchronize,Write Attributes
c:\kinghaze\w11\updatecheck.exe Generic Write,Read Attributes
c:\kinghaze\w11\updatecheck.exe Synchronize,Write Attributes
c:\kinghaze\w8 Synchronize,Write Attributes
c:\kinghaze\w81 Synchronize,Write Attributes
c:\kinghaze\w81\orbs Synchronize,Write Attributes
c:\kinghaze\w81\orbs\shamrock_106.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\shamrock_106.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\shamrock_54.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\shamrock_54.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\shamrock_66.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\shamrock_66.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\shamrock_81.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\shamrock_81.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\start3.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\start3.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\startisback_ei8htorb_v2_by_painter.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\startisback_ei8htorb_v2_by_painter.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\win7_106.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\win7_106.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\win7_54.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\win7_54.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\win7_66.bmp Generic Write,Read Attributes
c:\kinghaze\w81\orbs\win7_66.bmp Synchronize,Write Attributes
c:\kinghaze\w81\orbs\win7_81.bmp Generic Write,Read Attributes

86 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\startisback::autoupdates RegNtPreCreateKey
HKCU\software\startisback::welcomeshown  RegNtPreCreateKey
HKCU\software\startisback::noxamlprelaunch  RegNtPreCreateKey
HKCU\software\startisback::terminateonclose  RegNtPreCreateKey
HKCU\software\startisback::startisapps  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ﺘ벿ǜ RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Other Suspicious
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
Show More
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Network Winsock2
  • WSAStartup
Network Winsock
  • gethostbyname
  • gethostname

Shell Command Execution

"C:\Users\Hvobdlub\AppData\Local\Temp\is-BNDT0.tmp\d28b211bc0c40e50fb81ec1f029efa710ce19fca_0006431457.tmp" /SL5="$301FA,6090101,64512,c:\users\user\downloads\d28b211bc0c40e50fb81ec1f029efa710ce19fca_0006431457"
"C:\Users\Tbvyajmk\AppData\Local\Temp\is-I28F7.tmp\12750e150e08096bdb651f5a56bfbd1fe6162cfa_0006485914.tmp" /SL5="$201F2,6144781,64512,c:\users\user\downloads\12750e150e08096bdb651f5a56bfbd1fe6162cfa_0006485914"
"C:\Users\Jfmyfhss\AppData\Local\Temp\is-S5F2Q.tmp\28792a84e264bab5b15ade0957abc67363934ec4_0006480963.tmp" /SL5="$1501E4,6139835,64512,c:\users\user\downloads\28792a84e264bab5b15ade0957abc67363934ec4_0006480963"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\30fce39cc6560901299f6ea1d9ec53785ea4cf5c_0000014336.,LiQMAxHB
"C:\Users\Dumevbyv\AppData\Local\Temp\is-4NNK9.tmp\3294c2fbd2ba40b62024e37ae7f0b692bfc51e55_0006449066.tmp" /SL5="$F029C,6108001,64512,c:\users\user\downloads\3294c2fbd2ba40b62024e37ae7f0b692bfc51e55_0006449066"
Show More
(NULL) Kur.exe
C:\Kinghaze\W10_2\StartIsBackCfg.exe /install /elevated /silent
startscreen.exe /stop
taskkill.exe /F /IM startscreen*

Trending

Most Viewed

Loading...