This section lists file attributes found within family samples. These attributes are extracted
from the files’ Windows PE (Portable Executable) specification and various system flags. Portable
Executable Attributes give malware researchers insight into a file’s functionality, executable details,
platform and runtime environment.
File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates
icons commonly associated with legitimate software to mislead users into believing the malware is
safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version
information data structure for samples within this family. To mislead users, malware actors often add
fake version information mimicking legitimate software.
Name
Value
Company Name
郑州市千象网络技术有限公司
File Description
安装程序
File Version
2024,06,20,1
Internal Name
install
Legal Copyright
Copyright(C) 2023-2025 郑州市千象网络技术有限公司
Original Filename
install.exe
Product Name
Windows清理大师
Product Version
4.0.1.21
File Traits
7-zip (In Overlay)
7-zip SFX
HighEntropy
Installer Version
x86
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this
family. File system activity can provide valuable insight into how malware functions on the operating
system.
This section lists registry keys and values that were created, modified and/or deleted by
samples in this family. Windows Registry activity can provide valuable insight into malware
functionality. Additionally, malware often creates registry values to allow itself to automatically
start and indefinitely persist after an initial infection has compromised the system.
Key::Value
Data
API Name
HKLM\software\wow6432node\wnasst::userid
RegNtPreCreateKey
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API
usage analysis is a valuable tool that can help identify malicious activity, such as keylogging,
security privilege escalation, data encryption, data exfiltration, interference with antivirus software,
and network request manipulation.
Category
API
Network Winsock2
WSAStartup
Network Winsock
closesocket
connect
gethostbyname
send
setsockopt
socket
User Data Access
GetComputerName
Your comment is awaiting moderation.
Please verify that you are not a robot.
Submit Comment
Please DO NOT use this comment system for support or billing questions.
For SpyHunter technical support requests, please contact our technical support team
directly by opening a customer support ticket
via your SpyHunter. For billing issues, please refer to our "Billing
Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our
"Inquiries and Feedback" page.
Enigmasoftware.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.
