PUP.Hudun

Analysis Report

General information

Family Name: PUP.Hudun
Signature status: Root Not Trusted

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name | Value
Comments
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器
Company Name
  • Igor Pavlov
  • Shanghai Hudun Information Technology Co., Ltd
  • 上海互盾信息科技有限公司
  • 成都嗨动信息科技有限公司
File Description
  • 7-Zip Shell Extension
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷CAD转换器
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器
File Version
  • 24.08
  • 3.4.0.0
  • 1.7.9
Internal Name
  • 7-zip
  • CADConverter.exe
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器
Legal Copyright
  • Copyright (c) 1999-2024 Igor Pavlov
  • Shanghai Hudun Information Technology Co., Ltd
  • 上海互盾信息科技有限公司
  • 成都嗨动信息科技有限公司
Legal Trademarks
  • Hudun Technology
  • 互盾科技
  • 成都嗨动
Original Filename
  • 7-zip.dll
  • CADConverter.exe
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器
Private Build
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器
Product Name
  • 7-Zip
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷CAD转换器
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器
Product Version
  • 24.08
  • 3.4.0.0
  • 1.7.9
Special Build
  • 万能图片编辑器
  • 改图鸭
  • 迅捷AIPPT
  • 迅捷DLL修复助手
  • 迅捷PDF编辑器
  • 迅捷PDF转换器
  • 迅捷翻译
  • 迅捷视频剪辑器
  • 迅捷视频转换器

Digital Signatures

Signer | Root | Status
Shanghai Hudun Information Technology Co., Ltd. | AAA Certificate Services | Root Not Trusted
Shanghai Hudun Information Technology Co., Ltd. | DigiCert High Assurance EV Root CA | Root Not Trusted
Shanghai Hudun Information Technology Co., Ltd. | DigiCert High Assurance EV Root CA | Root Not Trusted

Block Information

Total Blocks: 6,477
Potentially Malicious Blocks: 600
Whitelisted Blocks: 5,798
Unknown Blocks: 79

Visual Map

[Per-block visual map not reproduced; legend: 0 = Probable Safe Block, ? = Unknown Block, x = Potentially Malicious Block]

Similar Families

  • Hudun.A

Files Modified

File | Attributes
c:\users\user\appdata\local\hdlocal\gaituyaphotoeditor.downloader\gaituyaphotoeditor.downloader_hdsconfigure.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\hdlocal\gaituyaphotoeditor.downloader\gaituyaphotoeditor.downloader_hdslog.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\hdlocal\gaituyaphotoeditor.downloader\gaituyaphotoeditor.downloader_hdslog.txt Generic Write,Read Attributes
c:\users\user\appdata\local\hdlocal\universalpictureeditor.downloader\universalpictureeditor.downloader_hdsconfigure.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\hdlocal\universalpictureeditor.downloader\universalpictureeditor.downloader_hdslog.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\hdlocal\universalpictureeditor.downloader\universalpictureeditor.downloader_hdslog.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~huduntemp.92482b06fb471e17\xjpdfeditor_un_asa.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~huduntemp.92482b06fb471e17\xjvideoconverter_un_asa.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~huduntemp.92482b06fb471e17\xjvideocrop_un_asa.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~huduntemp.92482b06fb471e17\xunjieppt_un_asa.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value | Data | API Name
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name dfe8cf02020bcd63ef08d6a1f53dd9f36d75f6ee_0002732232 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 142.0.3595.53 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count  RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 [binary data, not printable] RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 143.0.3650.96 RegNtPreCreateKey

Windows API Usage

Category | API
Anti Debug
  • NtQuerySystemInformation
Network Winsock2
  • WSAStartup
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Shell Execute
  • CreateProcess
  • ShellExecute
Process Manipulation Evasion
  • ReadProcessMemory

Shell Command Execution

open C:\Users\Fpyuozrb\AppData\Local\Temp\~HuDunTemp.92482B06FB471E17\XJVideoCrop_un_asa.exe -instdir="Test"
open http://tj.sjhfrj.com/redirect/ver1/videocrop/discount2/1.0/installer/123456
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://tj.sjhfrj.com/redirect/ver1/videocrop/discount2/1.0/installer/123456
open C:\Users\Fijksnmi\AppData\Local\Temp\~HuDunTemp.92482B06FB471E17\XJPDFEditor_un_asa.exe -instdir="Test"
open C:\Users\Mjvjcded\AppData\Local\Temp\~HuDunTemp.92482B06FB471E17\XunjiePPT_un_asa.exe -instdir="Test"
open C:\Users\Qzudoixs\AppData\Local\Temp\~HuDunTemp.92482B06FB471E17\XJVideoConverter_un_asa.exe -instdir="Test"
open http://tj.sjhfrj.com/redirect/ver1/videoconverter/discount2/1.0/installer/123456
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://tj.sjhfrj.com/redirect/ver1/videoconverter/discount2/1.0/installer/123456