Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Qihoo.B

PUP.Qihoo.B

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Qihoo.B
Signature status: Modified signature

Known Samples

MD5: 0f71e29be1e2bc1c6823ded9d47f4344
SHA1: be48129b58141aca5e05528b1d7e61e8bca33604
File Size: 4.22 MB, 4222712 bytes
MD5: 5de87e63605ea8614869b2ee5506eed7
SHA1: 23cfa1cbb8645982228c8878929847e8a3da5dd7
File Size: 4.22 MB, 4222712 bytes
MD5: 3d45ea5b8b421763895bdca34cf60bb6
SHA1: 82380c872234d7a3a3f7f2711b6eaebf42cfe4c5
File Size: 1.94 MB, 1943976 bytes
MD5: f84b62836cd26a08872d4e2e5844e457
SHA1: ded281700b058df6421c7785bee7d862f024ea96
File Size: 4.22 MB, 4222712 bytes
MD5: 1a784f0721d3100d564d23cfa0614b1a
SHA1: 2a2de0936e235bb954df011cc3e86b2d97ac3443
File Size: 4.22 MB, 4222712 bytes
Show More
MD5: fe1d26f0aa7a10d99ac5237e21ca5741
SHA1: fc21417d265e885d924ffedcd9f681ae4573c783
File Size: 4.22 MB, 4222712 bytes
MD5: ec987958d3d847be3113b03fdeb2a80f
SHA1: 124c9b7164f39e54c838d88f1c0e9b08a20e61fa
File Size: 4.22 MB, 4222712 bytes
MD5: 1b06ff68391671a72324f9d220bb1740
SHA1: 9c34decd69f757a4362d4d5786e27bfca0856ddc
File Size: 1.94 MB, 1943976 bytes
MD5: 50e6b1c0ad2d2f1826236b5dcc18d0be
SHA1: a845978376e24f1666e2adac4dbc385f4ad220a0
File Size: 4.22 MB, 4222712 bytes
MD5: e4b83d3fef0f63642b67d65d220dee7d
SHA1: b3af9b096ae324a3476b239e0fb7baa1c57d1ace
File Size: 4.22 MB, 4222712 bytes
MD5: 5fa8ecc87658ed376fec78a7463184c9
SHA1: 55cca3e9a5297adb389da788f70f0f4045add614
File Size: 4.39 MB, 4394248 bytes
MD5: 7bea1f8dbae79a33b7defef9bdacd16b
SHA1: ad2fd9d4f137674ede9d48378b19bbeba4f6ea03
File Size: 4.22 MB, 4222712 bytes
MD5: c8d1ece3b7cec39a45b3e300c5579922
SHA1: 15a171b68a54f6889ef1a4ce135addfa2d02a5a9
File Size: 4.22 MB, 4222712 bytes
MD5: f1c2508e17965f864db2a0a6121dfc82
SHA1: 1d214227abf9c10fd2d2d06ee83122f978c47e3a
File Size: 1.95 MB, 1952936 bytes
MD5: a002be8d237740a01628b7a92795b014
SHA1: c2cdfb0f9321426ae0bf90a8c82edb7222481739
File Size: 4.39 MB, 4394248 bytes
MD5: 0f3a487cabb4b1739b1a388cca36f674
SHA1: 3dfc66db9a8b3f9133368d71e7334f18ab1912e3
File Size: 1.96 MB, 1957176 bytes
MD5: 8444e8232b2d8e2fa5089ca6a74490d2
SHA1: fb377ed2415e35c371601d554aeb081265148a76
File Size: 4.22 MB, 4222712 bytes
MD5: f0ee3cba755d04909a7714425ac49726
SHA1: 5a0b2f149e4cc4ce984350936f573cc0f60e5e3c
File Size: 1.94 MB, 1943976 bytes
MD5: eb3736083e123387359ac150818c277f
SHA1: e57484423287bdab630b1a7154998c583efb66e3
File Size: 4.22 MB, 4223360 bytes
MD5: cd2ef2c2d1d93428ce700012c80687f3
SHA1: bc009621a7de6ec51c3fef3ca4ec7e2b8a0baf83
SHA256: 3A6EB07B7DAEF2DDA1724048F530B41F7864B900A8066CDCD67FCFA8C5BBC0CA
File Size: 4.22 MB, 4222712 bytes
MD5: cfdbbef27e9cd3e2769612f6a8cdc5f5
SHA1: f78c5ed5d55ed5a4602857b0bbbc66719b5fa21e
SHA256: 5579D703DFC3FC6BF3F80BEA0ECB7FA368FFD56EAC2DCDED146DFF0BA10C3AD0
File Size: 4.39 MB, 4394248 bytes
MD5: 5c699bf83cb7ebbf2ae4f9f0f93657cc
SHA1: 2a8f65c2bd787ab03fd8affa6b3025718911216d
SHA256: 5C9B672D7E029F173E48F222979FB7A15A1C9050C249E18E476586EA0C2EC0C3
File Size: 4.22 MB, 4222712 bytes
MD5: 60c926c5aa3b9b8d0287e4637e615b3d
SHA1: ae8e9bbfcf5bd59448f936fad749ed86ca3d2374
SHA256: FD6D36002ED689C32ADEEC4464B16D27C668F033B37842FE7636F71C7C27A97C
File Size: 4.22 MB, 4222712 bytes
MD5: 07c04f5b36064b131cc76c2306bfbf8d
SHA1: 9b3cd6e7b0264b98f3b4e43bb3ea01f66020adc9
SHA256: 4587BAC8A0A512A050E21D4A3D390CBB62F775D16DF8713FEA60E1C43E1F649E
File Size: 4.39 MB, 4394248 bytes
MD5: d3a6200cd2902eae3136b5e04b5c937b
SHA1: b7432940b34b5cdceafb57056bb9373974a492d3
SHA256: 4DD64CCBA6560EC3540C368F5A2199878D1F4D212A185322EA55CA3CDB22D711
File Size: 1.95 MB, 1952936 bytes
MD5: d62807d821876e193bbd5f05a501a2c7
SHA1: 79d5ac5fbda210ea105619ec9764060f52eee2f3
SHA256: 18B4BE9F17D50CF5D5E70E21EF91041741DEBA0999956C3CCE89C58C404C5062
File Size: 4.22 MB, 4222712 bytes
MD5: aef5115fe6229e0dd9e3a06a1753c366
SHA1: 1d12a786b3ad5295d1b1d954464fc138c0b2a7e9
SHA256: 22B034CF57EFBB20BFBDDAA94322F3FC4DFFA89A324C70F4D56050FA1CAA2BE6
File Size: 1.96 MB, 1957176 bytes
MD5: de802ffe27a89a7d46330edfc2ec4312
SHA1: b34f1c2ecb9612af149ab6f199a5c86d13d0fc26
SHA256: 961B4718D64855C7047F7F1AA58EA936889E8F88C799D4126CC78C10139EABCA
File Size: 4.22 MB, 4222712 bytes
MD5: 3001e72e8f211409b251bdcd7ba63aa9
SHA1: 9a05955b32b5bd0526e1c9c0d6e64c4ef512855d
SHA256: 89E18AB02459867CCDF618A66FF389BC9EDF60E04563304F1405C4D16D9C4A90
File Size: 4.39 MB, 4394248 bytes
MD5: b6ff28b9d7d633b8bb281aebf4804f4b
SHA1: bf8aaa6193967ff19dfa75b44ef73cfb56997f80
SHA256: 02A565B6D4B01229559AF67B4E320F5F4E4A8BC2C6FA8F7E2BEE39F00E9527D2
File Size: 1.55 MB, 1554904 bytes
MD5: c23df4ce34b36c785705c0b203f8643b
SHA1: 31a0c2dab9e43c8ec91a714940305342438450e1
SHA256: 689870E4A4B904A6299ABCF5541C502291EF2C55236E726EBFECDC7F9F381D16
File Size: 1.94 MB, 1943976 bytes
MD5: 925f2f5116010ec85da718cc62c22b39
SHA1: 9ede47143f36493a0d7a087117b0cfd00f53caf6
SHA256: 06C8BD4933165927D8AA80E7F591F851D598D9BA0BF19FDE909590B930E01A43
File Size: 1.84 MB, 1836768 bytes
MD5: f547e9cf1ed3480ee00c4718e31290a7
SHA1: 789fd5e250a2776e0677cc1b2baada9fa9d79279
SHA256: 2DF3F2D419349E7DCC56B3C78293CF329CEB8B10BB75199802C0E2243B4948E6
File Size: 1.94 MB, 1943976 bytes
MD5: a099871e501060262a4be96b4c6c4bac
SHA1: d43d951e0a2f3c82d20f6b12f1ef1fa1dfc725e6
SHA256: E2859E64643AE0B1109501AE01DE4B8AA452B1F62A5601788846285AA2F1F32D
File Size: 7.48 MB, 7480568 bytes
MD5: 7390966345cf7b3b78ceea27b1a1cbde
SHA1: 231a051ff989323bd0686a974c02dc85502e2b6c
SHA256: 64EEE8760F90A4ED25F3062DD202E2559E8C8402F75427D86D9BE21775B76D06
File Size: 1.94 MB, 1943976 bytes
MD5: 8da075019334eda19e541e99d5ea01d5
SHA1: 3e7dbdc5bfa8cb5407bf5a9764cba02512040e12
SHA256: 92D981B973410ACFFCE48ABE088DF6FB3013EF8F47057AD1237385410E752399
File Size: 4.22 MB, 4222712 bytes
MD5: d199edb844e8abe6986d43bdf15dc447
SHA1: b327bc77b513efda09c9b26b38c5b2f25b34656e
SHA256: BE2CCD2B75D03A1B461AA524AEA309DEC2EFC5CF87653DBDF1CB407F038267F4
File Size: 4.22 MB, 4222712 bytes
MD5: 8142467b3d9243db7fba464fac452dc5
SHA1: 81aece889c80312030a37d0c1c8f3005945137ad
SHA256: ADCB3B7FBBD55DA205C2CAA101087766496E8FC6AA96E2BA9C30A769D24EFA46
File Size: 4.22 MB, 4222712 bytes
MD5: 91d56444ba1eb34790476fe7eff5cd42
SHA1: c32c8445ea9b6ceee33a2d42071ceec530a886e2
SHA256: B6CEDC50FF011DBEFEF9914E9C96CC5F28E5EE430CFBF877156479B7988FDE49
File Size: 1.96 MB, 1957176 bytes
MD5: b687818311f0aa7091ff99d38127a5cd
SHA1: cfa2d9affa3ce71aecbb0520b884e0f39453398e
SHA256: 1823119422CC8AFC9252D12628EFD9676AEAF852460795D50901DE42ABB66836
File Size: 1.96 MB, 1957176 bytes
MD5: 0b43b4697c5eb1cc2a3011b1197fb18a
SHA1: 68999728c52d68ce1f12ba4fd3497d057826bc70
SHA256: 72F374395F88381D40B4FCFA6B81C0DF9425E7852E80884046F91262A33E46B1
File Size: 1.96 MB, 1957176 bytes
MD5: f2f55dddfda6787c4b9457d202ec0cc4
SHA1: 7af788f05aba5d41f7b0c79eef9a998c34b2d8ec
SHA256: A9A7F1E674C8D1D267D02D0F4AFEC472BC09F5499A1D57BBACC53081D7103EFD
File Size: 1.94 MB, 1943976 bytes
MD5: 41d8302102dc326e5f3d10b9748db4b9
SHA1: ee996b18199d075c26f9b058640b8d56a11aaad6
SHA256: 62F82882FE374B987D79053F7C1BADD76D427A007F3EE474156F7C76B7E059F8
File Size: 1.95 MB, 1952936 bytes
MD5: 2e5ee7c59843b138095e16d27db80b93
SHA1: 22fc3f26f4a7ae3783a285760013f91ca89d9df1
SHA256: 6E9A194401F3450190B1E32DBEC7296AC6942673C0324C506A64B90686DC2554
File Size: 4.22 MB, 4222712 bytes
MD5: 1991d93048324fbb18c587bb2b66c517
SHA1: 4350c5555e5269310fc7da98db094f6ebfac8233
SHA256: 99833DF3A4CE9574FA064950EEB9274BBEC90D32D9E4BD5E48B4A4456F738504
File Size: 4.39 MB, 4394248 bytes
MD5: e33de8d301062861514457ba0b13ebf3
SHA1: 6d7b6eaa8a824c0d61ea1d83ff1da763ad1a7d3a
SHA256: 78D495C84B98EB1336E3AD9E043E279EEF9BF526F4DD2083A0B39E8073A13696
File Size: 4.22 MB, 4222712 bytes
MD5: 4119790ffe2058fef5ad6878bcd70b4a
SHA1: 7e6f2075303bf9ce6efc3c2fbe9fc55eda339fd3
SHA256: 1CFEFAC0355DAF707213967139EB2C12961A4B5CEF7B861CB000635922755904
File Size: 1.96 MB, 1957176 bytes
MD5: 6516786521e8a4cb139213de0560f044
SHA1: 0115c53c60ab113dbbeeb425f82c36eee7856a70
SHA256: 5A7F34115B51BC7A9913BABD3F4DEFF2E257C8F6C8DEB39C8D07ECD6BB31F7F3
File Size: 1.84 MB, 1836768 bytes
MD5: 089560186acdcfc0143f0a242a5552f4
SHA1: 6392aed9642017d7525ad62121077003c9b69a6c
SHA256: 66FFFC68DB6DECFC37C5903013FA3217440D43EB3D2E55DD6A6E53A8B3FA3AA1
File Size: 4.22 MB, 4222712 bytes
MD5: fe41d5daec232b4372c7363e2f07c7c7
SHA1: d56d769b4adc0f60c71159fd4055a99ff786d9a5
SHA256: 4685D46C69F09AB9488E5EA94C7132E651637BD3ED2D9DCABE47D2D5E209AFF9
File Size: 1.93 MB, 1930664 bytes
MD5: 7d970f20c7a1331bfdd0f7ee98eef7ed
SHA1: 6083c34cbbdc37797e1a71af4bde3157f2461b08
SHA256: B551446929F59D219B9F5109CF4E5FA8A7DB7B52000DDACF112E7282BABB3BD0
File Size: 1.95 MB, 1945152 bytes
MD5: 8ca333cbfa40b952438dacff4fd11c25
SHA1: f7ec7a91b11297eb527ba5390c735b0eb221b97c
SHA256: A00F82A15A6A8C0A84C3776DDD1B3941E66E15E95D0D9961C3C17B455CE4D9F5
File Size: 1.84 MB, 1836768 bytes
MD5: 3210f6bb2468d290f3467a2f209418ec
SHA1: b226d68575e6dd2aa8e2d5e45d199de1519c643e
SHA256: CFE6FA5EC7AD64756DA0B3A656F327E76BDF08909D8BEC5D532EE79B4246A858
File Size: 4.22 MB, 4222712 bytes
MD5: e9f7f4dd43a5010f2dd5f3a0ab622aea
SHA1: 0022cf0d5f9da600864c1bc9d83c144a23cdf760
SHA256: D8FE3261AB35D5C39C0E0FF371A9A863DE6DE792A6AA770551CBE622119D164F
File Size: 4.22 MB, 4222712 bytes
MD5: 6d970ced4cd28ce9cf7f3aae0302b181
SHA1: f5fe03d22e01171d561da1babf40161320ddd998
SHA256: 22248509F3297E090373BF90EA545EC604C599342E6AAB1D599EDEAD70A24A55
File Size: 9.00 MB, 8995280 bytes
MD5: 65b2317f981e9662e5f298ae771dfa04
SHA1: 8edf1961d8f5c73232cadfabdbd6ffb3005ca7f6
SHA256: 780E0A38386C961F80A501AFC9D72D0411351B7B7EAB7699DF1ED6D71390E39A
File Size: 1.14 MB, 1143832 bytes
MD5: a4a2efe7a5d3371b9ec9e377fa6e4dfa
SHA1: c61af2e5984b986ed0a12ec31271a4c20961a016
SHA256: E9FCA7CA298CD5806DB5F3C14881E14922DE8934B9D30C26BC16002074E6C7D3
File Size: 1.03 MB, 1031704 bytes
MD5: c6b9f4b95f316b300daed3da76f0458b
SHA1: 1b74e0563e5b6dae01d3809e8e47d51a11e11335
SHA256: 7680ADD894A53A024718717F736C077667C70218EC03A7F943E0075D12DC9869
File Size: 1.94 MB, 1943976 bytes
MD5: c3113ee520c607c5f51f9c7a725568a2
SHA1: 3f03823f3515a527e922df3a1364e1184a2182b3
SHA256: BE75F2F770D0B6D46A768B163A84DD17DA29125611111BD74832CAB736C70E76
File Size: 1.94 MB, 1943976 bytes
MD5: 51beb332c6462ea43dfda3c5cc2e2e13
SHA1: dea70edf520233affa73923cba3acead097470bd
SHA256: B938E8C157A20CD5EA05FC7761DBE0F5BA47EEF84D1E434D5814B0F793A0E74C
File Size: 1.14 MB, 1143832 bytes
MD5: fbd53ae4f2888192dd681e1a47ab52b7
SHA1: 8de4d708c34905f36f887b672be05df201b64092
SHA256: FA2E855B90CB78188D9ABE9CAC209B2332316CEFB0AC68F58C918515D1A00A06
File Size: 1.96 MB, 1957176 bytes
MD5: d3657fb6cf88b1e3b57eac4003c75f74
SHA1: 2c56a7ef2fa1b812615f7cb3d4aa20532980625c
SHA256: 074D6F3CBB86A303FD702F99A4A20B7F4DD0B38BCDB11CD55B39391D12D30429
File Size: 1.14 MB, 1143832 bytes
MD5: 9d521a078ce589e08e505009835ea929
SHA1: 749463ff5394ba43993888b3b179686d78b9065b
SHA256: BD3066D09494F3E2F8C90003BE234783617FD8033D3A231585822E225D273C61
File Size: 1.83 MB, 1826328 bytes
MD5: 6d78eb99cab87e5189d04cea367a75aa
SHA1: 77cb45f83ba0cdbb6702a5452aebdb005e61e43b
SHA256: E1FEA5D5E79400921188EE9D0250EE1C79265D415C27F8369D4D095036E0E66C
File Size: 2.34 MB, 2344408 bytes
MD5: 93cdd5e11d35b0b33604c3928256e0d8
SHA1: ed4654ea716fa3da5286c616d3a9e5e5fa99f764
SHA256: 66FA137A689310A7E1FFABEA80B07D5433E47FD539F7B8E37199641CBAC3D2C9
File Size: 1.14 MB, 1144344 bytes
MD5: 990e80ac387f7c5ecb6c8926f69a794b
SHA1: 0a6f607d8d18dfd95f6e48594581b1daf4601ac1
SHA256: F6F54F4DCFF87F0C58CDEC43B5F5242480E47922D79DD3B8015FABF890170B92
File Size: 2.11 MB, 2108440 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Company Name
  • Yandex
  • Яндекс
  • 鲁大师
File Description
  • TelemostSetup
  • wangzhe
  • YandexDiskSetup
  • 升级模块
  • 卸载程序
  • 显卡性能优化
  • 重复文件清理Tray
  • 鲁大师Lite版
File Version
  • 65535.0.345.1224
  • 5.5025.1205.1022
  • 3.5026.1000.105
  • 3.1225.1190.1103
  • 3.2.44.5094
  • 3.2.41.5053
  • 3.2.40.5041
  • 3.2.30.4914
  • 3.2.18.4611
  • 3.2.18.4589
Show More
  • 3.2.13.4258
  • 3.2.0.4105
  • 3.1.8.3059
  • 2.2.1.5317
  • 1.1325.1060.827
  • 1.1225.1005.604
  • 1.1025.1025.303
Internal Name
  • gpu_opt_ui.exe
  • HomepageAssistantTray.exe
  • LdsLite.exe
  • mgbox.exe
  • NetSentinelTray.exe
  • PandaProtectTray.exe
  • pop.dll
  • SafeViewTray.exe
  • TelemostSetup
  • uninst.exe
Show More
  • YandexDiskSetup
Legal Copyright
  • Copyright (C) 2008-2024
  • Copyright (C) 2025
  • Copyright (C) 2026
  • © 2016-2019 ООО "ЯНДЕКС"
  • © 2016-2020 ООО "ЯНДЕКС"
  • © 2016-2021 ООО "ЯНДЕКС"
  • © 2016-2022 ООО "ЯНДЕКС"
  • © 2016-2023 ООО "ЯНДЕКС"
  • © 2016-2024 ООО "ЯНДЕКС"
  • © 2016-2025 ООО "ЯНДЕКС"
Show More
  • В© 2025 РћРћРћ "ЯНДЕКС"
  • 版权所有 (C) 2008-2024
  • 版权所有 (C) 2008-2025 www.ludashi.com
Original Filename
  • gpu_opt_ui.exe
  • HomepageAssistantTray.exe
  • LdsLite.exe
  • mgbox.exe
  • NetSentinelTray.exe
  • PandaProtectTray.exe
  • Pop.dll
  • SafeViewTray.exe
  • TelemostSetup.exe
  • uninst.exe
Show More
  • YandexDiskSetup.exe
Product Name
  • MaxProtect
  • wangzhe
  • Yandex.Disk
  • Yandex.Telemost
  • Яндекс.Диск
  • Яндекс.Телемост
  • 升级模块
  • 重复文件清理Tray
  • 鲁大师Lite版
Product Version
  • 65535.0.345.1224
  • 5.5025.1205.1022
  • 3.5026.1000.105
  • 3.1225.1190.1103
  • 3.2.44.5094
  • 3.2.41.5053
  • 3.2.40.5041
  • 3.2.30.4914
  • 3.2.18.4611
  • 3.2.18.4589
Show More
  • 3.2.13.4258
  • 3.2.0.4105
  • 3.1.8.3059
  • 2.2.1.5317
  • 1.1325.1060.827
  • 1.1225.1005.604
  • 1.1025.1025.303

Digital Signatures

Signer Root Status
天津六六游科技有限公司 DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
成都奇鲁科技有限公司 DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed

File Traits

  • HighEntropy
  • Installer Version
  • x86

Block Information

Total Blocks: 8,839
Potentially Malicious Blocks: 566
Whitelisted Blocks: 7,814
Unknown Blocks: 459

Visual Map

0 0 ? 0 ? 0 0 0 x 0 x 0 0 0 0 0 0 0 0 ? x 0 x 0 0 0 0 0 0 x 0 ? 0 0 0 0 x 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 1 0 0 0 x 0 0 0 0 0 0 x x x x x 0 x x 0 x x x ? x x 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 x ? 0 ? 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x ? x x x x x x x x x x 0 x 0 0 0 ? ? 0 0 x x 0 0 x 0 0 0 x 0 ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? ? ? ? x 0 ? 0 x 0 ? 0 ? 0 0 0 0 ? 0 ? ? ? ? ? ? ? 0 1 ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 0 0 0 1 1 1 1 0 0 x 0 0 0 x 0 x 0 0 x 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 x ? ? ? 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 ? ? x x 0 0 0 0 0 0 0 0 0 x 0 0 ? x 0 ? 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 ? ? 0 0 0 0 ? ? 0 0 0 ? 1 0 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? 0 0 ? 0 0 ? ? ? ? ? 0 ? 0 0 ? 0 ? 0 0 0 0 ? 1 1 ? ? 0 0 0 0 0 0 ? x ? ? 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? 0 ? ? 0 0 ? 0 0 0 ? ? 0 ? 0 ? 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 0 ? ? 1 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 ? ? 0 0 0 ? 1 ? 0 ? ? ? 0 ? ? 0 0 0 0 ? 0 ? ? ? ? 0 0 0 ? 0 0 ? ? 0 x 0 0 ? 0 ? ? 0 ? 0 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? x ? ? ? ? ? ? 0 0 0 0 x x 0 ? 0 0 x ? ? x x x ? ? ? ? ? ? ? ? 0 x 0 0 x 0 0 ? x x 0 x ? x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? x ? 0 0 x 0 x x ? 0 0 0 x x 0 0 x ? ? x x ? 0 x ? ? x 0 x 0 ? ? ? 0 0 x ? ? 0 ? ? x 0 ? 0 x x ? x ? x ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? x ? ? ? 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 ? ? x ? ? 0 ? ? ? ? ? 0 0 ? 0 ? ? 0 ? ? ? x ? x ? ? x ? 0 0 0 0 0 0 0 0 0 0 ? x ? ? ? 0 0 ? ? ? ? ? ? ? 0 x 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 x ? 0 ? x ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? 0 ? 0 ? ? x 0 x ? ? ? ? ? x ? x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x ? ? ? 0 ? ? 1 0 0 ? 0 ? ? x 0 0 0 0 0 ? ? ? ? 0 ? 0 x 0 0 0 0 0 0 ? ? 0 0 0 ? x ? x ? ? x ? 0 ? x 0 ? 0 ? 0 x ? ? 0 0 ? ? x ? x 0 ? ? x x x 0 0 x ? 0 ? 0 0 0 ? ? ? x x x ? 0 0 ? 0 x x x x ? x x ? ? x x x x 0 x x ? ? ? 0 ? ? ? x ? ? ? ? ? x ? ? ? ? x x ? x x 0 x 0 0 ? ? ? ? x x ? x ? ? 0 ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 x ? ? 0 ? 0 ? ? 0 0 ? 0 0 0 0 0 0 x ? ? 0 0 x x ? ? ? ? x ? x 0 ? ? x x x ? ? x x x 0 ? 0 x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Ludashi.B
  • Qihoo.B

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\yandex\yandex.disk.2\{3fe0ef39-1462-4094-9a42-43b4ee3c383b}\yandexdisk30setup_x64.exe Generic Write,Read Attributes
c:\programdata\yandex\yandex.telemost\{94fb9483-8c59-4f1b-81b0-cff00949b7c8}\telemostgoloomsetup_x64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\yandex\yandex.disk.2\events_setup.dat Generic Write,Read Attributes
c:\users\user\appdata\local\yandex\yandex.disk.2\events_setup.dat.lock Generic Write,Read Attributes
c:\users\user\appdata\local\yandex\yandex.disk.2\yandexdisksetup.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\yandex\yandex.telemost\events_setup.dat Generic Write,Read Attributes
c:\users\user\appdata\local\yandex\yandex.telemost\events_setup.dat.lock Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\yandex\yandex.telemost\logs\yandextelemostsetup.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\360netul\f5fe03d22e01171d561da1babf40161320ddd998_0008995280.netul.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\d9a40989-314b-45fc-ac6c.dat Generic Write,Read Attributes
c:\users\user\appdata\roaming\microgame\netbridge.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microgame\netbridge.zip Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microgame\netbridge.zip Synchronize,Write Attributes
c:\users\user\appdata\roaming\microgame\netbridge.zip Synchronize,Write Data
c:\users\user\appdata\roaming\microgame\netbridge.zip.temp Generic Write,Read Attributes
c:\users\user\appdata\roaming\microgame\utils\7z.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\yandex\ui Generic Write,Read Attributes
c:\users\user\appdata\roaming\yandex\ui_yd2 Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\commaster::mid RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand  RegNtPreCreateKey
HKCU\software\yandex\telemost::installeroldlogsremovedv2  RegNtPreCreateKey
HKLM\software\wow6432node\commaster::mid RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::from bizhitaskpop_wd_wzzx21230 RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::installdir C:\Users\Gtxciufe\AppData\Roaming\MicroGame\wzzx2 RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::exepath C:\Users\Gtxciufe\AppData\Roaming\MicroGame\wzzx2\wzzx2.exe RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::installtime 2025-10-31 19:58:42 RegNtPreCreateKey
Show More
HKCU\software\newmicrogame\wzzx2::displayname 王者之心2 RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::pid bizhitaskpop_wd_wzzx21230 RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::version (NULL) RegNtPreCreateKey
HKCU\software\newmicrogame\wzzx2::channel bizhitaskpop_wd_wzzx21230 RegNtPreCreateKey
HKCU\software\newmicrogame::uninstallthirdparturl (NULL) RegNtPreCreateKey
HKCU\software\newmicrogame::platform jkw RegNtPreCreateKey
HKCU\software\newmicrogame::installedgameids ;wzzx2; RegNtPreCreateKey
HKCU\software\newmicrogame::setup path C:\Users\Gtxciufe\AppData\Roaming\MicroGame RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\3679ca35668772304d30a5fb873b0fa77bb70d54::blob  ︗ꕰ಻葧듊ḋɡ໕ꃊᵓ䵫箙妼 `VeriSign Universal Root Certification AuthoritySB䀰ℰଆ虠ňŅᜇ〆〒ؐ⬊ĆĄ㞂ļ́ダ؛朅ಁ́ሰူਆثЁ舁㰷āȃ쀀 4㈰ࠆثԁ܅ȃࠆ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\3679ca35668772304d30a5fb873b0fa77bb70d54::blob 涭␛㄁豪␳礶㗊蝦ひきﮥ㮇꜏띻名~쀀⼃ǖ魃前涐ꃷ焗⧗蝒댣瞶槺䝈原픒㈇ݶ韑ᤇᐰࠆثԁ܅̃ࠆثԁ܅ăb 餣ᅖꔧ╱賞ൡ⿟碠좵缆艎邂뢿㱋 4㈰ࠆثԁ܅ȃࠆثԁ܅̃ࠆث RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\3679ca35668772304d30a5fb873b0fa77bb70d54::blob 궎Ƶ䶪ᶌᦕ ︗ꕰ಻葧듊ḋɡ໕ꃊᵓ䵫箙妼 `VeriSign Universal Root Certification AuthoritySB䀰ℰଆ虠ňŅᜇ〆〒ؐ⬊ĆĄ㞂ļ́ダ؛朅ಁ́ሰူਆثЁ舁㰷āȃ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\3679ca35668772304d30a5fb873b0fa77bb70d54::blob \ࠀ涭␛㄁豪␳礶㗊蝦ひきﮥ㮇꜏띻名~쀀⼃ǖ魃前涐ꃷ焗⧗蝒댣瞶槺䝈原픒㈇ݶ韑ᤇᐰࠆثԁ܅̃ࠆثԁ܅ăb 餣ᅖꔧ╱賞ൡ⿟碠좵缆艎邂뢿㱋 4㈰ࠆثԁ܅ RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand 5 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand 0 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand RegNtPreCreateKey
HKLM\software\wow6432node\commaster::mid RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand ` RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand " RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::stat_rand RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • getpeername
  • getsockname
  • recv
  • send
Show More
  • setsockopt
  • socket
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
Network Info Queried
  • GetAdaptersInfo
Network Wininet
  • HttpOpenRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
Show More
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c61af2e5984b986ed0a12ec31271a4c20961a016_0001031704.,LiQMAxHB

Trending

Most Viewed

Loading...