Trojan.Agent.AAFA
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 5,964 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 309 |
| First Seen: | September 12, 2023 |
| Last Seen: | March 6, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Agent.AAFA |
|---|---|
| Signature status: | Root Not Trusted |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 70ce4bb8488d9ad7653ce568b7fea658 | be7e10f8aaf7ba529f7a37bcaaad55a872bbadca | | 7.77 MB, 7774912 bytes |
| f2a2aef36c6fdd27441b7487f81fd2a5 | 16739cb544c1d8c4e8f1803d4293d641cf6e3109 | 3A14060670E61C7CF166919DB4E46A7F94D8048E9A39243B3C08BB86F2321E9D | 8.42 MB, 8416688 bytes |
| 1691778302a59e0774cf35e66434185c | df29cf1cc01147567f2cd6f2d01e4ee1089702fb | CCF2177B71E3274095CB1C63C1B5E10B284B7E89765F98BF91F2F7AF51D8D885 | 7.36 MB, 7356920 bytes |
| f8f4d6910d941c649942928126d58ad0 | 29b2acad0f48c603adda2ff5cbea412f9782bd25 | 6F2C05D1466D375B1547C740A27DB38A69E4A94B5A5D6B416901F24362810C29 | 8.23 MB, 8228928 bytes |
| d0bcc5944dccd907ada83d0d5cdc3e3a | 308c8cbf54309f9fd4e9312ab5c5d57719db87f1 | 61F91F0D7D6E97E62A3BC545A0A8542B46CF678461CB2284A408BE5AE5BEFC31 | 8.42 MB, 8421296 bytes |
| a30535e15dd23a7ea824b1e2b939f760 | 2182cc7cdbe7bd50e4739acd4292a89878c0b189 | 126F543B9F63AFC5EFA3BDE4034C07E5D18F3C61296FACF2DD4D80E295135AF2 | 7.73 MB, 7730288 bytes |
| 7ca386a2f24ff35c2bd7b2b736ea3557 | 7d5b3ea6f29582adc263c9f696fb36ed97cc1535 | 32C0A6B9973ADD41A56424368BAA90D7C30C4321FC99D1E07B2BB9C78A2A1CF1 | 7.62 MB, 7622336 bytes |
| 41b0507051f91e438b9241f45c9b76ec | 650afc1f5e8954b9f3559bbcf0edd29cf90ae850 | 2EAC70888EE7747E268C4C05D1F9CEF5A94CF9BCE550D5FEC39C63596C79E604 | 8.23 MB, 8233776 bytes |
| 29cb17f4036185660f3abf2a884f0292 | f25239bbd7a8f5929b1c52fe59c17202e9b24335 | B3FA7092ECC7670C2A3FB787CF01FC8D788E802855C9237AAFDDB2AEFA16B952 | 7.57 MB, 7574672 bytes |
| a8570ad0fb07e7efdec850ad665b5658 | d0afdb5b270a0bc86610f1b9172420234173d63b | 0919CCEB437597E07F74E7F1198144DFFF5FF652135288859503341EE83F2755 | 7.33 MB, 7329224 bytes |
| 6ba166eabd8ba07b3d5c80604f380146 | 6d0084e543666452d57ccea3a5ba64aaea0a1066 | 1D4F5163D60F048310FCED17550DE26F13253654B463B8499DEBC4043C528E27 | 7.34 MB, 7344152 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | For additional details, visit PortableApps.com |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | |
| Original Filename | |
| Portable Apps.com Installer Version | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Rare Ideas, LLC | Rare Ideas, LLC | Self Signed |
| Mozilla Corporation | Thawte Premium Server CA | Root Not Trusted |
| Mozilla Corporation | Thawte Premium Server CA | Hash Mismatch |
File Traits
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\browserconfig.properties | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\browserconfig.properties | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\chrome | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\chrome\pt-br.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\chrome\pt-br.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\chrome\pt-br.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\chrome\pt-br.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\crashreporter-override.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\crashreporter-override.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\crashreporter.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\crashreporter.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\pref | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\pref\firefox-l10n.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\pref\firefox-l10n.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\bookmarks.html | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\bookmarks.html | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\chrome | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\chrome\userchrome-example.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\chrome\userchrome-example.css | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\chrome\usercontent-example.css | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\chrome\usercontent-example.css | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\localstore.rdf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\localstore.rdf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\mimetypes.rdf | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\defaults\profile\mimetypes.rdf | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\old-homepage-default.properties | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\old-homepage-default.properties | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\readme.txt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\readme.txt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\buscape.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\buscape.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\google.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\google.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\mercadolivre.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\mercadolivre.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\wikipedia-br.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\wikipedia-br.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\yahoo-br.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\searchplugins\yahoo-br.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\uninstall | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\uninstall\helper.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\uninstall\helper.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\updater.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\localized\updater.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\accessiblemarshal.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\accessiblemarshal.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\application.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\application.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\blocklist.xml | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\blocklist.xml | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\browser.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\browser.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\browser.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\browser.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\classic.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\classic.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\classic.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\classic.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\comm.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\comm.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\comm.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\comm.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\pippki.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\pippki.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\pippki.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\pippki.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\reporter.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\reporter.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\reporter.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\reporter.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\toolkit.jar | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\toolkit.jar | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\toolkit.manifest | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\chrome\toolkit.manifest | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\aboutrights.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\aboutrights.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\aboutrobots.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\aboutrobots.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\browser.xpt | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\browser.xpt | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\browserdirprovider.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\browserdirprovider.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\brwsrcmp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\brwsrcmp.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\feedconverter.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\feedconverter.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\feedprocessor.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\feedprocessor.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\feedwriter.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\feedwriter.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\fuelapplication.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\fuelapplication.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\jsconsole-clhandler.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\jsconsole-clhandler.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsaddonrepository.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsaddonrepository.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsbadcerthandler.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsbadcerthandler.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsblocklistservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsblocklistservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsbrowsercontenthandler.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsbrowsercontenthandler.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsbrowserglue.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsbrowserglue.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nscontentdispatchchooser.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nscontentdispatchchooser.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nscontentprefservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nscontentprefservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsdefaultclh.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsdefaultclh.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsdownloadmanagerui.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsdownloadmanagerui.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsextensionmanager.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsextensionmanager.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nshandlerservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nshandlerservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nshelperappdlg.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nshelperappdlg.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nslivemarkservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nslivemarkservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nslogininfo.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nslogininfo.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsloginmanager.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsloginmanager.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsloginmanagerprompter.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsloginmanagerprompter.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsmicrosummaryservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsmicrosummaryservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsplacestransactionsservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsplacestransactionsservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nspostupdatewin.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nspostupdatewin.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsproxyautoconfig.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsproxyautoconfig.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssafebrowsingapplication.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssafebrowsingapplication.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssearchservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssearchservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssearchsuggestions.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssearchsuggestions.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssessionstartup.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssessionstartup.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssessionstore.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssessionstore.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssetdefaultbrowser.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssetdefaultbrowser.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssidebar.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nssidebar.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nstaggingservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nstaggingservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nstrytoclose.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nstrytoclose.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsupdateservice.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsupdateservice.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsurlclassifierlib.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsurlclassifierlib.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsurlclassifierlistmanager.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsurlclassifierlistmanager.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsurlformatter.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nsurlformatter.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nswebhandlerapp.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\nswebhandlerapp.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\pluginglue.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\pluginglue.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\storage-legacy.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\storage-legacy.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\txexsltregexfunctions.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\txexsltregexfunctions.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\webcontentconverter.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\components\webcontentconverter.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\crashreporter-override.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\crashreporter-override.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\crashreporter.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\crashreporter.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\crashreporter.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\crashreporter.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\autoconfig | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\autoconfig\platform.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\autoconfig\platform.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\autoconfig\prefcalls.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\autoconfig\prefcalls.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\channel-prefs.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\channel-prefs.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\firefox-branding.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\firefox-branding.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\firefox.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\firefox.js | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\reporter.js | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\7zs4ae0.tmp\nonlocalized\defaults\pref\reporter.js | Synchronize,Write Attributes |
3199 additional files are not displayed above.
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Process Manipulation Evasion | |
| Process Shell Execute | |
| Anti Debug | |
| User Data Access | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- .\setup.exe