Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Maxiget

PUP.Maxiget

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Maxiget
Signature status: Self Signed

Known Samples

MD5: 9bf9534989d50e9f853fc0ec7ee2fdd5
SHA1: 882005149ab3a7369d334eab45f774462ab04d89
File Size: 1.72 MB, 1719664 bytes
MD5: 5622f21c128bab4365cb73c495294e04
SHA1: d594141d9ddacc7752690896923c0cde168912b6
File Size: 1.67 MB, 1672560 bytes
MD5: e86c12a679ac0779c18ea0b9fb528a57
SHA1: 856e621297f2c4c01f7a499b9b16df7a2f70265f
File Size: 43.31 KB, 43312 bytes
MD5: 3530241f00a2666b97647be70809b9eb
SHA1: 47d5c2ed79f27dfb56d1233c2aa570eeccb18472
SHA256: 6FB686B3F1CA53542EA379A524AC0B34CD82719D91F4536B10DDD45C3268C3E3
File Size: 421.93 KB, 421928 bytes
MD5: 16eaf796d9ce41e45b38444a9bb29544
SHA1: cd5d3e0b5f5d22f628371ed5f226c0d87e86b79d
SHA256: 9C4DC9864B52C21AE76CBEABD0FCF29E21D70F852FCA11E5B3AE26F1184DCC85
File Size: 5.77 MB, 5770848 bytes
Show More
MD5: 7f46eb6ea2055c6d782fcebb0e0f81ee
SHA1: 4e879ea9f9d7b7b435d3b5e7276fa87271304baf
SHA256: D83E4611AFB6004212A4BB9B556813F20DF7BB3E8894FE7FC97075CC27EA5E21
File Size: 796.34 KB, 796336 bytes
MD5: 1b3d39e3c2adbab91cd51150d454b671
SHA1: 0b645a714df7c9af4b9b09b80e2b39560e3e0833
SHA256: 9A4B7CF8193E46A5F3588895A03A221ACEB4AE9CCB84DAF9E6008CEC10D3411F
File Size: 810.22 KB, 810223 bytes
MD5: 3ee0421815c587472633af326c86a3d4
SHA1: 522b4e66ff0eb08ebc53d18c33718439c54a4463
SHA256: 2AA3226BE90EDCDCD894E78BD49626DA2F299E9529A0F636AAFCE71E61D497EF
File Size: 539.15 KB, 539152 bytes
MD5: 22e2a847f01d5da9ad64352224c30f95
SHA1: f45d768bade905eabd8a2ea61945058a6a1cfa4f
SHA256: 50F335C9D14BAE64D4B14A8ADA5799BA7F621C92186489AE22240F85116AC36B
File Size: 561.05 KB, 561048 bytes
MD5: 7d117752d777707dfee1f65749cf85ce
SHA1: 1885f1a7e39c0ca5382c79bf0db44be6b1ff5d09
SHA256: 04EB0C6A41204EF040E4B17047D638962A62F2290FC3B622B6A0D38CBA363F83
File Size: 779.72 KB, 779720 bytes
MD5: 485f4ea03d07889674534248cff9985a
SHA1: 672da4672e02dae44a20a01813af3dfc229efbaf
SHA256: DCE8779BBE1ABD1CC1FE7B1472CE2CC07798ADB19BF5A3A98E00A6060BE04D9F
File Size: 440.56 KB, 440560 bytes
MD5: 1bbd39a1c104ecc8af15ef95945875be
SHA1: 9b31d310cab83a39d80a02b9ec820ff8de5e3c4a
SHA256: C59812C3CB629704B5C1FB925D6FEA7ABEE3A4870F80C78A80DDD6E10A2C5ADA
File Size: 37.11 KB, 37112 bytes
MD5: 86f12dd6b2716e58cd0aa4c27c99733f
SHA1: 0af37255bdb62448df673ab91030ea034ba20748
SHA256: 895CAEF6D67F30145947F22F05FCC77F9238F73BC281269821133BE40E8F7E64
File Size: 411.73 KB, 411728 bytes
MD5: 21b5faa5d515a62e64b335e69c5f06c8
SHA1: c23fc478c09730284f93029cead79d0cd401ba36
SHA256: 08EEC82CC352D375E39A28328137FD60EA117C5FEED88E4AFF7EA2ADC6409C7A
File Size: 411.72 KB, 411720 bytes
MD5: 46e5292073c97f3269331439008a7127
SHA1: da456065d0d804418d5fdf643c943b29374b72d5
SHA256: 885BA047659AE24BAA9C9E5D28306CB51C2E9EAA0DE553BA973A6301D08B682D
File Size: 137.71 KB, 137712 bytes
MD5: 8ac406cc3f8112d3b336e3177b314ecf
SHA1: df537d99360705b2174ed0f9044d65bee136f456
SHA256: 891E8DD59A3CF3DEDF043D5CCE54604BD2E57ED01A1A265AEA820BA86D6FBBF5
File Size: 1.53 MB, 1533296 bytes
MD5: 059a0483e7825fab9fd5c536e5e5cdbb
SHA1: b023c586b02d11e6a3ee03c788493baef4725556
SHA256: F22030FE3B5E95E894CF7472570827330F3969887F338A08ED821EC0CD63B437
File Size: 1.02 MB, 1019248 bytes
MD5: a497d44658dd9eb290a1c8d4491a4617
SHA1: 79d3f6885bb5cb3a2c10da046c22fd386b76c26f
SHA256: 9B33A1ECD8002296C38BE6B36E68F0754B057184047679DA25E19480DF968679
File Size: 357.19 KB, 357192 bytes
MD5: 5ca908862807774b7a64b5440b453c23
SHA1: 701036423d8fcf885f6c1544628bdece5a9bf35e
SHA256: 469B11E28BE4F70F3A8695ADC010FA3D25705E1F1A565893FDEA138366DB1D0E
File Size: 471.62 KB, 471624 bytes
MD5: abf0be41ef7f082d141c2a0d5616da51
SHA1: 20b33a8b938e18507eef1418a1eabcd819e373c9
SHA256: 4C5A3C8D591F8ED1CA49E8E6ED103A1EE7C825A0A48D8361CB543DB918C3379E
File Size: 511.32 KB, 511320 bytes
MD5: 9d0b916f2ae4595d7223465a01c3b959
SHA1: 516037e3763619a31b2e9bcd4ab90923b595cb6c
SHA256: 5FFE7A78D3970A251C65EFB190C8AE1E6E6EC54B52FD5B2C04C728AE11B26289
File Size: 391.14 KB, 391144 bytes
MD5: 86d2c5e6c841fd38d1379f459ce032b4
SHA1: 8de69f7a80fa38491475094989f3a3573dcc8612
SHA256: 26D0BFE1B0FDCFB6825A900FB52F49940D413147914D9CC09148C38DCB129E1D
File Size: 537.46 KB, 537456 bytes
MD5: 8cda2475ff8122c3cc3c409c45f8dab5
SHA1: 639435084a7017ce23657391d5b49c108aa7c4f1
SHA256: F029ECA52E1F3A780003CD348CDDB99FCFD657FC78FD40D56544FD04B8F05C02
File Size: 318.70 KB, 318696 bytes
MD5: 96cf359d7ba67e75753160c1c3f12376
SHA1: a60e3a48b9398b809417d8a62129217aeb518f85
SHA256: 012EAFCC02BAAC81C082ED7E974E7856DAC471910CAE7CA0FE55ACF2A94A01FB
File Size: 298.53 KB, 298528 bytes
MD5: 3dd0b9136b801f7c7c7d4c3ad36f8c5a
SHA1: 4e7d5ac70037ac9dd7553b2c8122e1aa049c4fa4
SHA256: 6295C80E7F4A3CC933DDE6441A7CFA07351303B5AAC0382F8A682E1E8DF11932
File Size: 5.77 MB, 5770848 bytes
MD5: 22fa085469ec49e2c49b22c10b158c65
SHA1: 5cc2c4311a1e2c7593c0a709b79a899f80b0a794
SHA256: 1AD25FEC318FDC11DE06C0942B870C49D9361A82EAF9EF28B79774403CA87A0E
File Size: 406.33 KB, 406328 bytes
MD5: a8289de553058f2c564f00120c0f0e63
SHA1: dcfd4169dde12dd8901bce9a4059dc5d0aa921cb
SHA256: 216BDFD14072738A3DD8216781A3CF890C0C0D41E7CBD6EB74CA36EBC3854F5B
File Size: 41.18 KB, 41184 bytes
MD5: 299f624aa72ebe9602d7f60e3c787a3b
SHA1: 666230cff260d63a5ebf733b146eea88bde2816a
SHA256: E30A64731A9BD3C15E24EB6A9236E90699D183D74E7077F77ADAA4ADAA23CCFC
File Size: 410.98 KB, 410976 bytes
MD5: 92cebeab343eef6726db1e5512dcf0ec
SHA1: a0c3cfe3aa9ff2df95f9b166511c329b4c09fe05
SHA256: A3F1A64B136DE635D43F9880916F46E0CB6C58A7BAF1E406896DBFC7CE64B3BD
File Size: 381.61 KB, 381608 bytes
MD5: bf6c197e5482217b4be1b7e56835a50b
SHA1: 78fa2055bfac0500a97cc8fe07e5275b478ec0d9
SHA256: 301CB345F315E3A8E50E1D45C2695CF581790D61702005AF32409D820BBF8166
File Size: 1.33 MB, 1328312 bytes
MD5: ef628146ce209b4bd4947a840824a591
SHA1: 44771b23399b8c4fafd7afb683d2c496de704e75
SHA256: ACA58B57ABD65FB3AE9EB303A3A9846BB2FF031C2C37ACC73C879B8AFD8C5886
File Size: 445.32 KB, 445320 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • An
  • Cmnts
  • Get your downloads faster
  • Internal Tool Downloading Helper
  • ND
  • SmallTrade energizer component
Company Name
  • C
  • Company #1
  • Company limited
  • Elit -e - Company
  • New IT Solutions
  • SPC LLC
  • SwapSystem
File Description
  • 4shared Desktop Setup
  • B1 Free Archiver Installer
  • Description is empty
  • Downloader Helper
  • Download Helper
  • DWD
  • Get your downloads
  • Helps file downloading
  • SystemComponent
File Version
  • 4.0.3.1
  • 4, 0, 32, 0
  • 4, 0, 27, 0
  • 3, 5, 13, 0
  • 3, 4, 17, 0
  • 3, 3, 50, 0
  • 3, 3, 40, 0
  • 3, 3, 29, 0
  • 3, 3, 17, 0
  • 3, 3, 9, 0
Show More
  • 3, 2, 1, 0
  • 3, 1, 23, 0
  • 3, 1, 16, 0
  • 3, 1, 8, 0
  • 3, 0, 15, 0
  • 2, 4, 5, 0
  • 2, 3, 14, 0
  • 2, 3, 4, 0
  • 1.00
  • 1, 3, 5, 0
  • 1, 1, 0, 0
Internal Name
  • dnloader
  • downloader
  • Filegetter
  • Node0008
  • SmartInstaller
  • TJprojMain
  • TnT
  • Trinity
  • trnrt
Legal Copyright
  • 2013
  • 2014
  • Copyright (C) 2013
  • New IT Solutions
Legal Trademarks
  • -
  • Company(C)
  • No
  • SmallTrade Inc.
  • TM(c)
Original Filename
  • 0008.exe
  • DHelper
  • FilegetterInstrumnet
  • TJprojMain.exe
Private Build
  • 4, 0, 27, 0
  • 4, 0, 32, 0
  • Internal
Product Name
  • 4shared Desktop Setup
  • B1 Free Archiver Installer
  • CHummer
  • Downloader Helper
  • Download Helper
  • Filegetter
  • Get your downloads
  • premium
  • Project1
  • SuperCharging
Show More
  • SystemNode
Product Version
  • 4, 0, 32, 0
  • 4, 0, 27, 0
  • 3, 5, 13, 0
  • 3, 3, 53, 0
  • 3, 3, 50, 0
  • 3, 3, 40, 0
  • 3, 3, 29, 0
  • 3, 3, 17, 0
  • 3, 3, 9, 0
  • 3, 2, 1, 0
Show More
  • 3, 1, 23, 0
  • 3, 1, 16, 0
  • 3, 1, 8, 0
  • 3, 0, 15, 0
  • 2, 4, 5, 0
  • 2, 3, 14, 0
  • 2, 3, 4, 0
  • 1.00
  • 1, 3, 5, 0
  • 1, 1, 0, 0
Special Build
  • 3, 3, 40, 0
  • 3, 3, 50, 0
  • 3, 3, 53, 0
  • 3, 5, 13, 0
  • 4, 0, 27, 0
  • 4, 0, 32, 0

Digital Signatures

Signer Root Status
Maxiget Limited COMODO Code Signing CA 2 Self Signed
Maxiget Limited Go Daddy Secure Certificate Authority - G2 Self Signed
Catalina Group Limited Go Daddy Secure Certification Authority Self Signed
Maxiget Limited Go Daddy Secure Certification Authority Self Signed
New IT Limited Go Daddy Secure Certification Authority Self Signed
Show More
Maxiget Limited Starfield Secure Certificate Authority - G2 Self Signed
New IT Limited Starfield Secure Certificate Authority - G2 Self Signed

File Traits

  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 1,927
Potentially Malicious Blocks: 6
Whitelisted Blocks: 1,489
Unknown Blocks: 432

Visual Map

? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? x ? ? ? ? ? ? ? ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? ? ? ? 0 0 ? ? ? 0 ? 0 ? 0 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? 0 0 ? ? ? ? 0 0 ? 0 0 0 0 ? ? ? ? ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? 0 0 ? ? 0 ? 0 0 ? ? ? 0 ? ? 0 0 ? 0 0 ? 0 0 ? 0 ? ? 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? ? ? ? ? x ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? ? ? ? ? x 0 ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? ? 0 0 ? ? 0 ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? ? 0 ? ? 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 ? 0 ? 0 ? 0 0 0 0 ? 0 0 0 ? ? ? ? 0 0 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? ? 0 0 0 0 ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? 0 ? ? 0 ? 0 0 0 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? 0 0 0 ? 0 0 0 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 1 1 0 0 0 0 1 0 0 0 0 0 0 1 0 0 1 1 0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 1 1 1 0 3 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 1 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 0 0 1 1 0 0 1 0 1 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\program files (x86)\tst.b@t Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\epom2_nationzoom_20131128171912.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa8df.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa8df.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst7f06.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst7f06.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa8af.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsy7ed6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
Show More
c:\users\user\appdata\local\temp\tun541.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tun542.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tun542.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tun543.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tun543.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tvl1784.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tvl1785.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tvl1785.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\u58fe.tmp\unt590e.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\u592f.tmp\unt593f.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\u5960.tmp\unt5970.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud708.tmp\untd709.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud70a.tmp\untd71a.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud71b.tmp\untd72c.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud72d.tmp\untd73d.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud73e.tmp\untd74f.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud750.tmp\untd761.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud771.tmp\untd772.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud783.tmp\untd794.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud7a4.tmp\untd7b5.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud7b6.tmp\untd7c6.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud7d7.tmp\untd7e8.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud7f8.tmp\untd809.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud829.tmp\untd83a.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud84a.tmp\untd85b.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ud87b.tmp\untd88c.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uddad.tmp\untd71a.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uddce.tmp\untd709.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ude6b.tmp\untd73d.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ude8b.tmp\untd761.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\udebb.tmp\untd772.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\udedb.tmp\untd7b5.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\udefc.tmp\untd7c6.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue3ee.tmp\untd71a.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue40e.tmp\untd709.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue43e.tmp\untd73d.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue45f.tmp\untd761.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue47f.tmp\untd772.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue4af.tmp\untd7c6.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ue4bf.tmp\untd7b5.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bc5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bc6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bd7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bd8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bd9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bda.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2bdb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt2beb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3d91.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3da2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3da3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3da4.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3da5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3da6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3da7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3db8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3db9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3dba.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3dbb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3dbc.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt3dbd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4230.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4231.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4232.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4233.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4244.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4245.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4246.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4247.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt4248.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt615b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt615c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt616c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt616d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt616e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt616f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6180.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6181.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6182.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69d6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69e6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69e7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69e8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69e9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69ea.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69eb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69fc.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69fd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt69fe.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d01.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d11.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d12.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d13.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d14.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d15.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d26.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt6d27.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8213.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8214.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8224.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8225.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8226.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8227.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unt8238.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta236.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta237.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta238.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta249.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta24a.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta24b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta24c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta25c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta785.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta796.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta797.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta7a8.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta7a9.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta7aa.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta7ab.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta7bb.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unta7bc.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb7eb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb7ec.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb7ed.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb7ee.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb7ff.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb800.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb801.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb802.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb803.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untb813.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untba8b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untba8c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untba8d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untba8e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untba8f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untba9f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbe9b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbe9c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbead.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbeae.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbeaf.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbeb0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbec0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbec1.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbec2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbec3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untbed4.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf00.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf11.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf12.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf22.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf33.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf34.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf35.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf46.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\untdf47.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte365.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte366.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte367.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte368.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte379.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte37a.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte37b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte37c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte37d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte37e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte38e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\unte38f.tmp Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\4shared\downloadhelper::alreadyrun 1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 142.0.3595.53 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::maxconnectionsper1_0server 2 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::maxconnectionsperserver 2 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Other Suspicious
  • SetWindowsHookEx
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Process Shell Execute
  • ShellExecute
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeleteValueKey
Show More
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Manipulation Evasion
  • ReadProcessMemory

Shell Command Execution

(NULL) http://securedfileinfo.com/404.jsp?chid=5300013&rsn=plde&details=

Trending

Most Viewed

Loading...