PUP.WebPlugin.A

Analysis Report

General information

Family Name: PUP.WebPlugin.A
Signature status: Root Not Trusted

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
File Description
  • npmedia-v-3.1.0.201916
  • npmedia-v-3.1.0.221658
  • npmedia-v-3.1.0.224153
  • npmedia-v-3.1.0.229458
  • npmedia-v-3.1.0.239100
  • npmedia-v-3.1.0.240293
  • npmedia-v-3.1.0.243385
  • npmedia-v-3.1.0.245951
  • npmedia-v-3.1.0.248705
  • npmedia-v-3.1.0.249135
  • npmedia-v-3.1.0.249178
  • npmedia-v-3.1.0.251127
  • npmedia-v-3.1.0.254710
  • npmedia-v-3.1.0.260043
  • npmedia-v-3.1.0.265588
  • npmedia-v-3.1.0.275239
  • npmedia-v-3.1.0.289813
  • npmedia-v-3.1.0.295974
  • npmedia-v-3.1.0.306737
  • npmedia-v-3.1.0.311612
  • npmedia-v-3.1.0.327767
  • npmedia-v-3.1.0.358230
  • npmedia-v-3.1.0.423268
  • npPlugin-v-3.1.0.281187
  • npPlugin-v-3.1.0.285246
  • npPlugin-v-3.1.0.316323
  • npPlugin-v-3.1.0.354267
  • npPlugin-v-3.1.0.355005
  • npPlugin-v-3.1.0.356682
  • npPlugin-v-3.1.0.372164
  • npPlugin-v-3.1.0.375658
  • npPlugin-v-3.1.0.456163
  • npPlugin-v-3.1.0.495295
  • npPlugin-v-3.1.0.512511
  • npPlugin-v-3.1.0.531394
  • npPlugin-v-3.1.1.477275
  • npPlugin-v-3.1.1.481815
File Version
  • 3.1.1.481815
  • 3.1.0.614644
  • 3.1.0.479853
  • 3.1.0.330019
  • 3.1.0.322045
  • 3.1.0.288637
  • 3.1.0.233063
  • 3.1.0.2
  • 1, 0, 0, 1
Internal Name
  • npmedia
  • npPlugin
Legal Copyright
  • Copyright (C) 2012
  • Copyright © 2015
MIME Type
  • application/media-netplugin-version-3.1.0.2
  • application/media-plugin-intelbras-new
  • application/media-plugin-new
  • application/media-plugin-new_l
  • application/media-plugin-version-3.1.0.2
  • application/media-plugin-version-3.1.0.4
  • application/npmedia-plugin-intelbras-normal
Original Filename
  • npmedia.dll
  • npPlugin.dll
Product Name
  • NetPlugin npmediaDll Dynamic Link Library
  • npmediaDll Dynamic Link Library
  • npPlugin
  • WebPlugin
Product Version
  • 3.1.1.481815
  • 3.1.0.614644
  • 3.1.0.479853
  • 3.1.0.330019
  • 3.1.0.322045
  • 3.1.0.288637
  • 3.1.0.233063
  • 3.1.0.2
  • 1, 0, 0, 1

Digital Signatures

Signer | Root | Status
Zhejiang Dahua Technology CO.,LTD. | GlobalSign | Root Not Trusted
Zhejiang Dahua Technology CO.,LTD. | GlobalSign CodeSigning CA - G2 | Self Signed
Zhejiang Dahua Technology CO.,LTD. | GlobalSign CodeSigning CA - SHA256 - G2 | Hash Mismatch
Zhejiang Dahua Technology CO.,LTD. | GlobalSign CodeSigning CA - SHA256 - G2 | Self Signed
INTELBRAS SA INDUSTRIA DE TELECOMUNICACAO ELETRONICA BRASILEIRA | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
Amcrest Technologies LLC | thawte Primary Root CA | Root Not Trusted

File Traits

  • dll
  • x86

Similar Families

  • WebPlugin.A

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\dhnetsdk.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\dhplay.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\dhsurveillancedll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\fileoperator.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\h264dec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\mjpegdec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\npmedia.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\npplugin.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\nptimegrid.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\postproc.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\timeaxesdll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\timegridexe.exe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\uninst.exe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\version.ini Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\videowindow.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\webactiveexe.exe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin\webactivex.exe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\dhnetsdk.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\dhplay.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\dhsurveillancedll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\fileoperator.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\h264dec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\dhnetsdk.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\dhplay.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\dhsurveillancedll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\fileoperator.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\h264dec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\mjpegdec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\npplugin.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\postproc.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\timeaxesdll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\version.ini Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\videowindow.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\hdcvi1000\webactivex.exe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\ivsdrawer.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\ivslogic.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\mjpegdec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\npplugin.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\postproc.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\timeaxesdll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\version.ini Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\videowindow.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webplugin_v2\webactivex.exe Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\aacdec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\dhnetsdk.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\dhplay.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\dhsurveillancedll.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\fisheye.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\fisheyectrl.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\h264dec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\ivsdrawer.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\mcl_fptz.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\mjpegdec.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\npplugin.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\postproc.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\python_nsibuild.nsi Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\python_nsibuild.nsi Synchronize,Write Attributes
c:\program files (x86)\webrec\web30\webview_l\speech_enhance.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\version.ini Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\videowindow.dll Generic Write,Read Attributes
c:\program files (x86)\webrec\web30\webview_l\webactivex.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga5e0.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsha768.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5db.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsse33e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nst2b15.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsw662.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsx733d.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsxa823.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsye4e5.tmp\nsexec.dll Generic Write,Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | [binary data] | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | [binary data] | RegNtPreCreateKey
HKLM\software\wow6432node\mozillaplugins\@dvr/npplugin,version=3.1.0.4::path | C:\Program Files (x86)\webrec\WEB30\WebPlugin\npPlugin.dll | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | [binary data] | RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal

60 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
Network Info Queried
  • GetAdaptersInfo

Shell Command Execution

"C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe" /unregserver
"C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe" /unregserver
TASKKILL /F /IM WebActiveEXE.exe
TASKKILL /F /IM TimeGridEXE.exe
"C:\Program Files (x86)\webrec\WEB30\WebPlugin\webActiveX.exe" /regserver
regsvr32 /s "atl.dll"
"C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe" /regserver
"C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe" /regserver
"C:\Program Files (x86)\webrec\WEB30\WebView_L\webActiveX.exe" /regserver
"C:\Program Files (x86)\webrec\WEB30\WebPlugin_V2\webActiveX.exe" /regserver
"C:\Program Files (x86)\webrec\WEB30\WebPlugin_V2\HDCVI1000\webActiveX.exe" /regserver
