Trojan.Agent.NAO

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Agent.NAO
Signature status:	No Signature

Known Samples

MD5: f9867c277a9225d3820005b74c3b2f0a

SHA1: 26af641eb8b2f0a625328324fa15cd31800ab581

SHA256: C192F10E1F730432B6537BC2A8F67A4DFDC7EE1A2C319CDB298828B659ADB4A7

File Size: 7.40 MB, 7399528 bytes

MD5: fdc3a5aa09dcbd6b7a253b90c0af92e3

SHA1: 9491f8b8ff120d7e145c519c8ba3be75f4f42e1c

SHA256: 885CF911DC3DD48696577C12473D4F3174511DABBEE5B7CA2F1A668431E3E581

File Size: 7.35 MB, 7350368 bytes

MD5: cb45eebcaade5053b134191e7b44db38

SHA1: c7d4ce3b0df776d238a2cbf25e928309fb74d647

SHA256: B0901C0F539B94300BE10E95610237C56165214EDA20CFFBB5A9E64C60693F18

File Size: 6.88 MB, 6876104 bytes

MD5: b951d1d728f73b36700bdc73f5da3f39

SHA1: e3721b3022924818a80a714e5f33bef866eac56b

SHA256: CC23F0E99742FBB46ED2201C379E72F78E44F973D60D8E2F8C3FC7E097B78E86

File Size: 8.33 MB, 8325241 bytes

MD5: 86042ed2d19c092035b90f3f69c677dd

SHA1: 38183d301a17d0e41fe011d80d299e011f191579

SHA256: 78AFFDE9092EDB9B45FFAB417EBDE388E8CDE2E5978041E3071EBB0F44F9B2A7

File Size: 5.76 MB, 5760536 bytes

MD5: bb2b7737a299215f34429b32f4037b3b

SHA1: d2797db4bc2614aafa6b871a18531c58bc2d23ac

SHA256: F7ECA6ADC078CF4469168B30FE1299425B1E45C093663243468DC27433643817

File Size: 6.16 MB, 6158560 bytes

MD5: e31bb9578316a3ce541f2d92850f8676

SHA1: 38eb6f9f7b91a85fb9ea132bd5560bd66e0b111d

SHA256: D9FAE7BCB40D2C4DD4BFE1A87AB4B756FD8DB714E1BB97B531ED58E754F87D72

File Size: 7.39 MB, 7386728 bytes

MD5: b361260df996c1ac7be48b43c34a6ad4

SHA1: feea68fceb7dec6631644222a0ae19477cf2b09c

SHA256: B00C827043F7090E8741AD1C48C38307D166834E7FA94618E4A78B3911619BB1

File Size: 7.38 MB, 7380705 bytes

MD5: f13a7edd1224975677c387604d96dd7e

SHA1: e28499f3e3950f2df876d194e385c6aaa0f47040

SHA256: 962B741132C67F5CB41FC2DD0D16B48AA56BAE543D5C9132E105DFE424850811

File Size: 7.62 MB, 7623289 bytes

MD5: 3be59a6524ee18980e22624dd49a423a

SHA1: e8e7f9c62c69e33ace35ecf4796a81d135eafe25

SHA256: A1FA3C9986B5A3748DE13E58CBD677C8B601177F0CF838674EECB6B971800C84

File Size: 6.26 MB, 6261473 bytes

MD5: 082616e3cd81617dd376d53affc111f4

SHA1: db03c923eea71f933d9fdf5772f23cbeaa252928

SHA256: A690CF269BDB59046E72F6F667862FD0DE084FB9EFA0EB9F369B7163C459BC52

File Size: 7.42 MB, 7418081 bytes

MD5: 5a965bf02db9536cf98ac327933f1dd0

SHA1: 85b779593d30b6154e5b1042cbbd055ec73c4899

SHA256: A8A831B8216C657F1FD3633A69BD36AD12C479C1DCC76CB6FFD2EC1F4C92E77A

File Size: 4.34 MB, 4339626 bytes

MD5: 2a431e1915e2234cd9ea770f336bf3d0

SHA1: fa1bee65150955f36dfcffaaaf99958c4223d4fa

SHA256: 7C8EAF07160CFD72089E5D3CED0334DFDE810C556AD21401C410501056891CB5

File Size: 3.78 MB, 3780992 bytes

MD5: d26f7e6311dad495f9a653f0d487c8fe

SHA1: 653c87d7876b19deac472ce8498143758b907f72

SHA256: F1346352AF402EA264E07FA2BB565FCC15FBD33ABD1E7CB62F14053E9056F9D5

File Size: 4.86 MB, 4859928 bytes

MD5: 152959baaa72ca7ba3f3db326620ce3b

SHA1: 936c76c54f40a55ba6c4deab7807e42b7e4ddf57

SHA256: 9B0A6A267AE459DAAB4AE4965BEAFA36CADE131F0427CE8214F8D1E30BE0ABEC

File Size: 5.42 MB, 5421056 bytes

MD5: 5cbe599ce94ee2026a1f12cd5cceaeb2

SHA1: f08f0a8b073ee92ef59c32c206877c42357dfc1f

SHA256: A0A5AD118084B1F7BB1DEA410BAF5D882124F9896FE092F3BB44F4DDDAFEB37E

File Size: 6.89 MB, 6890417 bytes

MD5: 500d46d4b2120182bbbe553df353854d

SHA1: 195eb378b1db949bb01830458fda4ec8162bb1f5

SHA256: 64155A77E87C376337249924EF57B1A3490403F3B6588CF7F282B19A3621216D

File Size: 7.33 MB, 7334512 bytes

MD5: 4e28dbeeaa23fd9dd546a2e8afa69a6f

SHA1: fd4d220747f62bdcbc04fbc5fc6a153d22a5fc60

SHA256: 45EDB37A78DF3729AE851D4980F39DE46F667B06A04F9A50D952243B1F834249

File Size: 5.77 MB, 5767584 bytes

MD5: f8ff13fc27e35adb4ed1eddea6adde16

SHA1: c2e57d9c159c86a4b5e152915d0787464498e9f2

SHA256: 297590CE969C2D3F234867126F68F90F40972C9EAA4EE79D49695A19B915A2CB

File Size: 6.51 MB, 6505081 bytes

MD5: 8a6ee088ebc54aa48781bc98cf2733e1

SHA1: d055f3bbf0473038d3db70ad2cfd031a68d8fb1e

SHA256: DE076FE11F0E2FFDBD04337E7228EA773879AAC465472D87FD22C57C8BF3F8AD

File Size: 4.33 MB, 4327850 bytes

MD5: b4ac58b67542b550b53046add6bce766

SHA1: c19606948e57a60b094446f0ddd356739570d2a7

SHA256: 7F5973EED933B154743260199BD481B637FCE11424BDE9C8EEA4959E6E380167

File Size: 4.33 MB, 4331434 bytes

MD5: 4bc6ff12755bb409fca1684f2a7196b3

SHA1: d253f495b7e0b9a6f4591dbd28672111df28dd76

SHA256: 2B32547C70C0EE51F7DECCE12E128B8F29CA2CC269EF9C38FA2B99E33DECEF7F

File Size: 7.42 MB, 7418593 bytes

MD5: 5a4347f6f1ad8d112751844030741226

SHA1: 512b260b06e870c6414cd15bfea203b3bab64283

SHA256: 397031B3935DF1F2CA25830E2A03A16877FA45A3205266FD0B478917FA20731F

File Size: 7.38 MB, 7380705 bytes

MD5: aafa7aeb108318855121bb36b76916aa

SHA1: 4d720f9a9da92c2f6c550d7e6d453df42e142797

SHA256: A506BF2B7B172EE788EBDFAA97415B15B5383B5E220BD3A581F559A4A43963EF

File Size: 6.29 MB, 6290984 bytes

MD5: 16701bae3087c743758302d5f511c684

SHA1: 62d89d13d07bbfcea54ae356f440f73559a30bd6

SHA256: BA2006219BB75AC5D0BE0FA6826F3648B9CF15A975E21675A2B7A29084544F2B

File Size: 8.02 MB, 8021592 bytes

MD5: f148fcfbbc083bd61d433973330da2b1

SHA1: bf551339b9aaec3d5d307bb765f300995e2d5454

SHA256: 079E6BA1AFC79421ABDD0986571CC6A4FA0650901E4BD694E986AE351939C350

File Size: 7.62 MB, 7623289 bytes

MD5: 9a2c4f66374926794696cd397eeec6a3

SHA1: 90d0bff6ad50a17b87c2bc888197c9e526374a49

SHA256: 750D2DB35ADFBCAC719022CC960C91765EF0D669E54E356D2AB598F829E3E31D

File Size: 5.76 MB, 5760536 bytes

MD5: 833b30e571b908e9802234d5eedcb633

SHA1: b99d23afb84b2db1b71f57b9a7c3caeda0005657

SHA256: 1A046440D006611DE407D39EB66AED462860BCA88D2C0AFC17F7691673FBE6B6

File Size: 7.59 MB, 7587449 bytes

MD5: d8c24e8119f74b4578f28bc205261d35

SHA1: 23d5e0b4c289c59977b16dc3aa1617f339e2285e

SHA256: 5BA94A46B3CACE13046CDD738C2B4928DE817DE4E74A1BFFE543C67772C27D42

File Size: 5.47 MB, 5470122 bytes

MD5: a8ca07cc988e8751fa3948713ff74345

SHA1: 96731c1fe9eda0007ba47b1d9a8afb94cc0f42cb

SHA256: 4967424B0F304624F9BC2B6726EB3FF5C9C7A036488D6FEB6D7E307FA4A6ADA8

File Size: 5.76 MB, 5760504 bytes

MD5: fb6b345467ff27acceec002a48ad9682

SHA1: 793f5bd70c119a0422c5324e6e7e22be90fe4795

SHA256: B10C38D444406C0C6D96C86D31746222688A0386C6B4F2143563F656FEAAED05

File Size: 5.83 MB, 5832064 bytes

MD5: d4d21f56f80cee69d04d6d8ac899f60b

SHA1: b5a3c40a91373ddbeb4f841b970d1637aac00694

SHA256: 8B109FEC67AE7C61419C944518BEE608F25B6171746EAD1FB4B00FE57DDF49D6

File Size: 7.59 MB, 7587449 bytes

MD5: 66c62472718bb26a8cac1f2928d38532

SHA1: 515e100c556e9c495b8247e16947eba00d128b85

SHA256: 41912850D30AF02649C37643FB8FDA5D5FBEA9603432E5EBEDBE5D593AC91F04

File Size: 5.46 MB, 5463466 bytes

MD5: e7f1e6d1c1ff0745d08ccdd71a8a18a6

SHA1: f3ad7b48ee44fa27740a6232de87593411cb618e

SHA256: 331A20697AFE0DE776E050CA37B5ABCB17C6171C8F3D3A7BA3CAF86B97E933EB

File Size: 5.06 MB, 5061752 bytes

MD5: 5232f0ff915e6d1a83827101aebf3353

SHA1: f250171e082ba2460c053071bd0ab9990526f146

SHA256: 3CC407B52C4AA05946067372AF0BB4C25D85D11E3C85B9ECB303FAB8073E874C

File Size: 7.61 MB, 7606905 bytes

MD5: 3e693c3fb2ac34378d1c3d16605f113e

SHA1: 22ac232b5da38abf851785ca77c108c28d56babc

SHA256: 09B3423922D65CC757231D00769595C6C59DDFD6B47EAF5526F19E09FDF03E24

File Size: 5.16 MB, 5155456 bytes

MD5: a756d3e9bfc14455758f35f0e33c920c

SHA1: 32ff2fe3270cbf5d5968e3ed722b888c2eaecc29

SHA256: 213696BDC8E0F16FB3C52414C5FC2E21E71A215828E47D1CE4C7453D08D60375

File Size: 6.02 MB, 6015208 bytes

MD5: 3630e6b9efc484a814a916eb09dcd54b

SHA1: 567f4375282f26fb18d91ea504f1248686f926fb

SHA256: 2F9B1681D0AA661530E146A4A24D13D4B42AA90E8076E3F5CFB2ADD04E76F764

File Size: 5.76 MB, 5760536 bytes

MD5: caacce7dbf3a0290a0ba9b8ba69b6e57

SHA1: 0ee3c061c08f2338c3b8f1959ffdd8e86e98e706

SHA256: 0EDA7E8FC69C83B31F2700CF267E225F1D059A1C494A2CCBE3E62F213D6551AC

File Size: 5.86 MB, 5862321 bytes

MD5: 10bb69114955c0decffa8a2c08109906

SHA1: 0e083ba0e46936a67ed0b06d51f6519bb870b28c

SHA256: AF555B0164E13034CF594929DC8DB0FD8C1E8CF2D96C1FA197DA9A1EE85CE284

File Size: 7.59 MB, 7587449 bytes

MD5: cb97831821f433064b948c378f4bb197

SHA1: 2b02f31ba0007a234b63d2a0d042b2f44f52f0c7

SHA256: 786EA1F4807416EB368AB5E011782DD9A279C2B3F705986C045F40F8CF6A987E

File Size: 5.76 MB, 5760536 bytes

MD5: e9dce890236b354f68cd7fc4c0071b51

SHA1: 3fa71381192e79c92ddefb66a4280a0aeaf613ca

SHA256: B38FF7352CF7DCD31C64ACBC506AB15253BD6D0E55967230ADB4F57E7C2F9CBA

File Size: 8.21 MB, 8211528 bytes

MD5: a7e03037cd3a75d455ce27bf6b782b4b

SHA1: 9ea8e12798833f587f4f570a0c88fb26cd55476f

SHA256: 96E14C2B57F25E3311FFA71B7321398CD4914C6A170B6F32720F9BC9B1527212

File Size: 7.62 MB, 7623289 bytes

MD5: 37d3e10d1c137a8170e734d4cd7c976c

SHA1: 78bb3f1a38da2eb800c6fc8c08e9741d510aaf29

SHA256: B4E5D584D42DC2ABAE8D0B355E06A733D04D04BC1AEE04B6F27E6C16663678E1

File Size: 5.17 MB, 5171600 bytes

MD5: 83c28634b635763d9a6570af0f39b129

SHA1: c396a2d65c02e172ed889f51b5df682be642b8ac

SHA256: 6CE7C2DAFED9B7BFAA40EB63733FE4245F72ACCD356AD0946CD64C2C8DBF7E18

File Size: 7.69 MB, 7688313 bytes

MD5: 33bcf4d57d7b973fb192d17e3c917563

SHA1: e36c6b4aa5f1db6463d47c32178c3a879c115e34

SHA256: 28F54A4D6E0B98FE4C999395355C59D1C1031870B8A3F778811FC4213C02063E

File Size: 7.00 MB, 7002440 bytes

MD5: 4207890fdedbe5f77ace69b35820b99d

SHA1: b0d10e9a7411bb0e3835bc80058bd44b7030d5b0

SHA256: A92CE71EC454B65C9CFCCE7956316CD9FD27CF426F2355E0AC67ED1A9740D0D2

File Size: 4.24 MB, 4241320 bytes

MD5: 76921f735cf8d23680c75e4d03c9bce1

SHA1: c402074930e577add3a532c15afafebb8333dd45

SHA256: A404C0CA42EC26ECB874277725818CD7EB26E3BD4588D7AAE51A856A1479BE36

File Size: 8.03 MB, 8028224 bytes

MD5: ec34a80caae6edfbf4d76cb0d57c2a4e

SHA1: d882cc0bdcd3bcfefdd0f3a04830af2fc3b2df2f

SHA256: 3B916C4E6B93A514C423B9D0F5EA7240348DBB35A45F51926256A7A2CF875EDC

File Size: 6.48 MB, 6483065 bytes

MD5: 76e76b5e9ac0df5a0a33caff7c071829

SHA1: 2d7c249c448d3506929ff8ec1f7ee12a1fd40766

SHA256: C73C4DD1B14D8DCCF12EE9F436E73A249C8EA658F9669DD37203D803659AA3A5

File Size: 5.76 MB, 5760016 bytes

MD5: 7615d630c581cfe0c1ddf24b5e932c0e

SHA1: 16d623bfb20fe6ccd53ebcc3e3785024b3eb733f

SHA256: 9851861695C8BE52DE71E6CBCBAE948AFBD971406C8326A218A55D23A6A1C248

File Size: 4.43 MB, 4426544 bytes

MD5: 949ac9dfce1b19ebed9b203ef58722ab

SHA1: bd1a4afc8784b524c4bbcc178b1fe96fbab58009

SHA256: EBAF9FF16DB5F4216C82AF1E37BF23A2C3C468D92C199B7C3AC2C01E0E539085

File Size: 7.30 MB, 7298167 bytes

MD5: 9abb031b6c01081844727420a63f5ea1

SHA1: e5852ad39030014169c372affb5c0f76d2e2f365

SHA256: 2B6A861D431024FF11DDD37AE1E3A85B6FCB1C7BF710AC72010EEADC30DACA20

File Size: 6.26 MB, 6261473 bytes

MD5: 7d7423f80e31062c31fc949a6248aade

SHA1: e3ac03f79646653ebbfac2064feefe800385a047

SHA256: 7973025F8CDAFD234072A4EEE58EB5DACCA09FDDAFE42CD3D72CBE14F8B37012

File Size: 5.85 MB, 5847985 bytes

MD5: a68a7e3db6457464387ad1e7f1402ca5

SHA1: 2ff50e0a570521e0186be1b17a7233020d273752

SHA256: B16837F8055E18652463C67EFEA474595232824DA1C3A88D1508D718CA3EBEA4

File Size: 7.69 MB, 7688313 bytes

MD5: 526ba1fdd8092cbaab6f98bc21c08c8e

SHA1: 8af6045e672149e6eacc16bb7ac8a520e5f1cee8

SHA256: BDA95D4362F0C89E0C4DD4AD191209D5C29C5A1071FBCECA0AA4F39DD54A4550

File Size: 5.81 MB, 5806504 bytes

MD5: b3afeedf09c43a13642a2bc53a0dcff4

SHA1: 0aff74c7643ba13801cee8f82041d8c040ab680c

SHA256: 4BFA6D2DE7E1C0D0A70D39124590EA8E375CBC78BFC466A21A98A2771E26B7BB

File Size: 4.92 MB, 4915704 bytes

MD5: d570dd2b678c5ee21d6e6475c396999f

SHA1: 9eca634978d4927b3d3a1041072f26147a14654d

SHA256: 2FCBA3C588BFCC11D725984DDEE7D296878629E7F9CAF2A24C5257C5BE36B431

File Size: 3.79 MB, 3791760 bytes

MD5: b92efaffd9972623cb9e08d72935cae7

SHA1: 9fedc89fbd8556bafb55b7983db22751dc0a20ea

SHA256: 727DE64A24A04C3DEDD2C27B33A8DDA17E81D1D5C7EEE58818A5CE36DB4306E6

File Size: 7.62 MB, 7623289 bytes

MD5: f34c2c70df8da67e819bbb3630c6a46a

SHA1: 90482f4fe99097345a6516f2e8255eb1954a0c98

SHA256: 801258F9574728C942BF7B40A7C2BF84000974C79FF4832C02A9B094164ADA69

File Size: 4.86 MB, 4859904 bytes

MD5: abbd08317195d8aea732f31609fd59d6

SHA1: 4222bba7bcda484e76ad1adb540f038808596977

SHA256: 0D98D7FF1E7A2870DBB23F17B92E1337078E67D158A6F3F282D8E8E0E0294061

File Size: 7.59 MB, 7587449 bytes

MD5: 064fcdc2221964956369abdc98e63b10

SHA1: 306b8a33c89fe7f966f8461e1c7d8f8ceedbbbdf

SHA256: B0527132FB23382404E05D52436FC324BB062651D6691924500B77F74D998EEC

File Size: 5.76 MB, 5760528 bytes

MD5: bd1cfb22c2fb56ffa3d199a723531ff4

SHA1: 9ad805cde0d3dd5ab3c3ad870e0530bb3f7ad3e0

SHA256: 3C6B8FCF30ACA6EB9F077C63606EBD101CA8CD09748415F37D32F8582FB3D4A9

File Size: 5.76 MB, 5760544 bytes

MD5: 944a4445a2787cdf0825676b48b0ca46

SHA1: e8124034e8aaedc01a5075ad9a4783fad107aada

SHA256: 7A9C0CD34B489810E4B8FC5AE532F174627B75563065E7A656224ABC1790227C

File Size: 8.06 MB, 8061016 bytes

MD5: 117b3355e6d6a63e8ad040201fd92d2d

SHA1: bf620a8673bf0cc1cada6387c9fe67be7a8c08c2

SHA256: 7D229113D418E1137E746D9B5F6A191A59C4E4BDCF08E9253C69BD4B3F407BB3

File Size: 7.69 MB, 7688313 bytes

MD5: 6b87dd1fae7c8de04787dc99cab49aa0

SHA1: 2428fea13210ccd53e1de55463b6b8c615297565

SHA256: 81C0619F57CA317173078EF7433D8D8282EA6536D2ACE99FA9689A1EECE3BE09

File Size: 7.62 MB, 7623289 bytes

MD5: cfdaf25e1d014f0592ea75d4e2acb798

SHA1: fa551f18146a26b238e0928a296bd70f7b384b8c

SHA256: AED0B614681E36F654C408A622CE8F366466A35C9A56649E1C694C1591BC813D

File Size: 7.69 MB, 7688313 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	https://rufus.ie This installation was built with Inno Setup.
Company Name	1ubtitle Works6T1 6ubtitle Works6qV Akeo Consulting cfbcE93 Colin Harrison Color Cop Team Disktective dmerald Editor Commu5M7e Fast Archive Extractor Green sea Show More Igor Pavlov Jubtitle Works12e Long term Ocean Crate Pocket Zip sfbc09c
File Description	1ubtitle Works6T1 6ubtitle Works6qV 7z SFX Apex store Color Cop Team Disktective FAE Glorious pack JDiskReport Jubtitle Works12e Show More misk spin-up utilZEx Orimson Editor SVN2jW9 pzip Rolling tar Rufus Xming Setup yisk spin-up utiliOO
File Version	VN286M English 23.01 9.3.1.9 9.3.1.1 6.9.0.31 6.0.0.0 5.0.1.0 5.0.1 4.3.2090 2.7.1.2 Show More 2.2.0.0 1.8.0.0 1.5.0.0 1.4.1 1.0.0.1 1.0.0.0
Internal Name	7z.sfx 7zS.sfx ApexRecord.exe colorcop.exe Disktective FAExtractor.exe gpack.exe JDiskReport.exe pozip.exe pzip.exe Show More rtar.exe Rufus
Legal Copyright	1ubtitle Works6T1 (GPLv3) 6ubtitle Works6qV (GPLv3) Copyright (c) 1999-2023 Igor Pavlov Copyright (c) 2005-2024 Long term Copyright (C) 2006-2007 dmerald Editor Commu5M7e Copyright (C) cfbcE93 Copyright (C) sfbc09c Copyright © 2005-2007 Colin Harrison Free Freeware for Windows XP, 2000, NT, 95, 98, ME Show More GPL v2 Jubtitle Works12e (GPLv3) © 2011-2023 Pete Batard (GPL v3)
Original Filename	7z.sfx.exe 7zS.sfx.exe ApexRecord.exe colorcop.exe disktective.exe FAExtractor.exe gpack.exe JDiskReport.exe mysql-installer-web-community-8.0.36.0.exe pzip.exe Show More rtar.exe rufus-4.3.exe
Product Name	1ubtitle Works6T1 6ubtitle Works6qV 7-Zip Apex store Color Cop Team Disktective Fast Archive Extractor Glorious pack JDiskReport Jubtitle Works12e Show More misk spin-up utilZEx Orimson Editor SVN2jW9 PZip Rolling tar Rufus yisk spin-up utiliOO
Product Version	PocketZip.exe 23.01 9.3.1.9 6.0.0.0 5.0.10 5.0.1.0 4.3.2090 3.7.2.0 2.7.1.2 2.2.0.0 Show More 1.8.0.0 1.5.0.0 1.4.1 1.0.0.0

Digital Signatures

Signer	Root	Status
Germ Fatigue	Alive Scheme	Self Signed
Get Catch	Apprentice Cloud	Self Signed
Free Science	Come Around	Self Signed
Failure Flesh	Content Rainbow	Self Signed
Get Numerous	Crayon Carriage	Self Signed

Inward Hood	Donkey Drive	Self Signed
Curious Laptop	Exhale Insult	Self Signed
Whore Through	Expenditure Toll	Self Signed
Handsome Desk	Exuberant Cucumber	Self Signed
Jolt Peacekeeper	Get Out	Self Signed
Game Come	Howl Once	Self Signed
Bold Neat	Intimate Giant	Self Signed
Fishing Urge	Keep Event	Self Signed
Axis Stool	Kick Cringe	Self Signed
Lippincott Determine Group	Lippincott Determine Group	Self Signed
Contingency Rifle	Mosquito Dress	Self Signed
Intend Content	Mount Mean	Self Signed
Discrete Nausea	Note Proper	Self Signed
Otherworldly Spherical Group	Otherworldly Spherical Group	Self Signed
Chemistry Mindful	Out Fling	Self Signed
Warden Helicopter	Pair Memory	Self Signed
Preach Expertise	Receive Law	Self Signed
Plight Pie	Recess Luncheon	Self Signed
Hustle Off	Saddle Scare	Self Signed
Habitat Boulder	Scout Point	Self Signed
Somers Smoothest Group	Somers Smoothest Group	Self Signed
Shaft Speculate	Start Incline	Self Signed
Suppresses Blustery Group	Suppresses Blustery Group	Self Signed
Evaporate Bone	Thief (UV)	Self Signed
Induce Partition	Thump Raisin	Self Signed
Salvage Ghost	Ticket Rod	Self Signed
Tier Disperse	Wake Wretched	Self Signed
Chitlins Pigsticks Unenciphered	Wizard Tsui Undercircling	Self Signed

File Traits

7-zip (In Overlay)
7-zip SFX
big overlay
HighEntropy
InnoSetup Installer
Installer Manifest
Installer Version
No Version Info
x86

Block Information

Total Blocks:	1,650
Potentially Malicious Blocks:	227
Whitelisted Blocks:	1,337
Unknown Blocks:	86

Visual Map

0 x 0 0 0 1 0 1 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 x 0 0 x x x x x 0 x 0 0 0 0 x 0 0 0 0 ? ? x x x x 0 0 x x x 0 ? x 0 0 0 0 0 0 0 x x 0 ? ? x 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x ? 0 0 x 0 0 x 0 0 0 0 0 0 x 0 x 0 x 0 0 x 0 x 0 x x x x 0 0 0 0 0 x x 0 0 0 0 x x 0 0 0 x x 0 0 0 0 x x 0 x x 0 0 0 x x ? ? ? ? ? ? 0 0 ? x x x ? x 0 x x x 0 x x 0 x x x x x x 0 0 0 0 x x 0 x x x 0 0 x 0 x x x ? x x 0 x x 0 x x 0 x 0 x x 0 x x x 0 0 x 0 x 0 0 x x 0 0 x 0 0 x x x x x 0 0 0 0 ? x x ? x 0 0 0 0 0 x x x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 x 0 x x 0 x 0 0 ? 0 ? 0 0 0 0 ? 0 0 0 0 0 x 0 0 0 0 x 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 ? x 0 x x ? 0 ? 0 0 0 x 0 0 ? ? x ? x 0 0 0 x x ? 0 ? 0 ? x x 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? x 0 0 0 ? 0 0 0 0 0 x ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 x x 0 0 x 0 0 x 0 x x 0 0 0 x 0 x x 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x ? 0 0 x 0 x 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 ? 0 x 0 x 0 0 0 0 0 0 0 0 0 0 ? x 0 x x x 0 x 0 0 0 0 ? 0 x 0 0 x 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 x x 0 0 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 x 0 0 ? 0 0 0 0 0 ? 0 ? ? ? ? ? 0 0 x 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 x 0 x x x ? x x 0 x ? x 0 0 0 x x x 0 0 x 0 x ? 0 ? x 0 x 0 0 0 0 0 0 x x 0 0 0 x 0 ? x x 0 x ? x ? x x 0 x ? x x 0 x ? x x 0 x ? 0 ? ? x x x x 0 ? 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 x 0 0 0 0 0 0 x 0 x x 0 x 0 0 0 x 0 0 0 0 0 ? 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 ? x x x x 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 2 2 0 1 0 1 1 0 0 1 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.GHB
OpenSUpdater.GH

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zs0436c01f\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0436c01f\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs05dca283\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs05dca283\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs067b175d\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs067b175d\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs06a42e9c	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs06a42e9c\setup.exe	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\7zs06a42e9c\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs07344f41\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs07344f41\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs074bd6dc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs074bd6dc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs08a670f3	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs08a670f3\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs08a670f3\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0a2676e5\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0a2676e5\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0c5a7cf0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0c5a7cf0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0c5a7cf0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0e0f0670\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0e0f0670\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0e9625dc	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0e9625dc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0e9625dc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea628ac\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea628ac\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4154c70e	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4154c70e\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4154c70e\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4243ae57\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4243ae57\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs42f5bdbc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs42f5bdbc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs446652f0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs446652f0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs446652f0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4542bef0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4542bef0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4542bef0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs45ff64b7	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs45ff64b7\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs45ff64b7\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4731e09c\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4731e09c\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs484dcd8c	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs484dcd8c\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs484dcd8c\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4a0476f0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4a0476f0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4b5934b0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4b5934b0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4bf992ec\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4bf992ec\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4c6ff942\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4c6ff942\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4ee070d0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4ee070d0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f37f7d1\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f37f7d1\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs807cf62e	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs807cf62e\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs807cf62e\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs80e9e29c\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs80e9e29c\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs82b11fec\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs82b11fec\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8507d979\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8507d979\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs86fff56b\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs86fff56b\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs876cdebc	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs876cdebc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs876cdebc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs885783ec\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs885783ec\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8875940e	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8875940e\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8875940e\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs89322b61\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs89322b61\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8ab0de8c	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8ab0de8c\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8ab0de8c\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8c555d80\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8c555d80\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8c5d27cc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8c5d27cc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8d6c7952\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8d6c7952\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8e282bcc	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8e282bcc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8e282bcc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8eba97ea\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8eba97ea\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8f562bd0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs8f562bd0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8f562bd0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0639edc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0639edc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc08dee7e\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc08dee7e\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc15fa2d0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc15fa2d0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc3270770	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc3270770\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc3270770\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc3c4cff3	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc3c4cff3\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc3c4cff3\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc4e7fce0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc4e7fce0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc4e7fce0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc9c9a5cf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc9c9a5cf\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc9c9a5cf\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsca5f247e\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsca5f247e\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsca6da4fc\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsca6da4fc\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscabbcfe3	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscabbcfe3\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscabbcfe3\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscc70eff0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscc70eff0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscc70eff0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsceaf4580	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsceaf4580\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsceaf4580\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscebbe8b0\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscebbe8b0\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscf47a980\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscf47a980\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscffc1d40	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscffc1d40\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscffc1d40\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-040dg.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-04ue1.tmp\is-bj8dk.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-0fp3m.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1bqsc.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1ob7e.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-2rg5v.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-2rg5v.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3c4d1.tmp\_isetup\_regdll.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3c4d1.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3c4d1.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-4p71e.tmp\_isetup\_regdll.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-4p71e.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-4p71e.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-5mjnh.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-5of7k.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-5of7k.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6rf9g.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6rf9g.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-79ttr.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-79ttr.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-8hrfa.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-anfep.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-anfep.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ap1c4.tmp\is-1013h.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-aq7mq.tmp\is-8gm3q.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-cdnk1.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-d95s6.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-emm3q.tmp\is-67hkg.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-g4kqf.tmp\is-0bh2i.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gfp82.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-h2s6u.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-h2s6u.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-i40tq.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ih664.tmp\_isetup\_regdll.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ih664.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ih664.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-jj8lh.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-jvb6f.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mj5dk.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mnpjs.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-nl3gg.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-olt3n.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-olt3n.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-pc14r.tmp\_isetup\_regdll.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-pc14r.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-pc14r.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-qq0fg.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-rtnm1.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-rtnm1.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-t8mle.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-tfqn3.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-u4cab.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vbqe3.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vbqe3.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msi59808.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msi978c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msib1d6.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msic50a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msic557.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msicb223.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabb38.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

41 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Keyboard Access	GetKeyState
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection Show More ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryInstallUILanguage ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetTimerEx ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnlockFile ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects 6 additional items are not displayed above.
Service Control	OpenSCManager OpenService

Shell Command Execution


							.\setup.exe


							"C:\Users\Nwweomvx\AppData\Local\Temp\is-NL3GG.tmp\setup.tmp" /SL5="$80320,2172387,54272,C:\Users\Nwweomvx\AppData\Local\Temp\7zS8C5D27CC\setup.exe"


							"C:\Users\Rsukvdri\AppData\Local\Temp\is-CDNK1.tmp\setup.tmp" /SL5="$80320,2174056,54272,C:\Users\Rsukvdri\AppData\Local\Temp\7zS0E9625DC\setup.exe"


							"C:\Users\Qrwkkhyh\AppData\Local\Temp\is-T8MLE.tmp\setup.tmp" /SL5="$6035C,2172387,54272,C:\Users\Qrwkkhyh\AppData\Local\Temp\7zSCF47A980\setup.exe"


							"C:\Users\Bkyvwqjj\AppData\Local\Temp\is-MJ5DK.tmp\setup.tmp" /SL5="$30318,2174056,54272,C:\Users\Bkyvwqjj\AppData\Local\Temp\7zS8E282BCC\setup.exe"


									"C:\Users\Xxhyavwn\AppData\Local\Temp\is-MNPJS.tmp\setup.tmp" /SL5="$D01BE,2174056,54272,C:\Users\Xxhyavwn\AppData\Local\Temp\7zS8C555D80\setup.exe"


									"C:\Users\Mvnvhnex\AppData\Local\Temp\is-AQ7MQ.tmp\is-8GM3Q.tmp" /SL4 $5032E "C:\Users\Mvnvhnex\AppData\Local\Temp\7zS4EE070D0\setup.exe" 130737 77824


									C:\WINDOWS\system32\msiexec.exe  /i  "C:\Users\Vwdwaxlu\appdata\Roaming\bfbc2jb\Disk spin-up utility\install\3455E07\DiskSpinUp.msi"  AI_SETUPEXEPATH="C:\Users\Vwdwaxlu\AppData\Local\Temp\7zS4542BEF0\setup.exe" SETUPEXEDIR="C:\Users\Vwdwaxlu\AppData\Local\Temp\7zS4542BEF0\"


									"C:\Users\Aikptlyp\AppData\Local\Temp\is-040DG.tmp\setup.tmp" /SL5="$A0086,2172387,54272,C:\Users\Aikptlyp\AppData\Local\Temp\7zSC15FA2D0\setup.exe"


									"C:\Users\Npwvlmko\AppData\Local\Temp\is-AP1C4.tmp\is-1013H.tmp" /SL4 $100242 "C:\Users\Npwvlmko\AppData\Local\Temp\7zSCA6DA4FC\setup.exe" 130737 77824


									"C:\Users\Fkltcmkl\AppData\Local\Temp\is-G4KQF.tmp\is-0BH2I.tmp" /SL4 $702E8 "C:\Users\Fkltcmkl\AppData\Local\Temp\7zSC08DEE7E\setup.exe" 130737 77824


									"C:\Users\Wprwnukw\AppData\Local\Temp\is-JJ8LH.tmp\setup.tmp" /SL5="$80334,2174056,54272,C:\Users\Wprwnukw\AppData\Local\Temp\7zS446652F0\setup.exe"


									"C:\Users\Sjgyfqiy\AppData\Local\Temp\is-QQ0FG.tmp\setup.tmp" /SL5="$90184,2174056,54272,C:\Users\Sjgyfqiy\AppData\Local\Temp\7zS08A670F3\setup.exe"


									"C:\Users\Bzgmhttt\AppData\Local\Temp\is-TFQN3.tmp\setup.tmp" /SL5="$802B8,2172387,54272,C:\Users\Bzgmhttt\AppData\Local\Temp\7zS4731E09C\setup.exe"


									"C:\Users\Oavnpwax\AppData\Local\Temp\is-JVB6F.tmp\setup.tmp" /SL5="$60364,2172387,54272,C:\Users\Oavnpwax\AppData\Local\Temp\7zSCC70EFF0\setup.exe"


									C:\WINDOWS\system32\msiexec.exe  /i  "C:\Users\Csgxfxwp\appdata\Roaming\bfbc2jb\Disk spin-up utility\install\3455E07\DiskSpinUp.msi"  AI_SETUPEXEPATH="C:\Users\Csgxfxwp\AppData\Local\Temp\7zS8AB0DE8C\setup.exe" SETUPEXEDIR="C:\Users\Csgxfxwp\AppData\Local\Temp\7zS8AB0DE8C\"


									"C:\Users\Aeywxqsu\AppData\Local\Temp\is-EMM3Q.tmp\is-67HKG.tmp" /SL4 $3036A "C:\Users\Aeywxqsu\AppData\Local\Temp\7zS05DCA283\setup.exe" 130737 77824


									"C:\Users\Ulzdrmdz\AppData\Local\Temp\is-GFP82.tmp\setup.tmp" /SL5="$902B6,2172387,54272,C:\Users\Ulzdrmdz\AppData\Local\Temp\7zS0E0F0670\setup.exe"


									"C:\Users\Ibaamaid\AppData\Local\Temp\is-1OB7E.tmp\setup.tmp" /SL5="$D0310,2172387,54272,C:\Users\Ibaamaid\AppData\Local\Temp\7zS885783EC\setup.exe"


									"C:\Users\Pvigdnge\AppData\Local\Temp\is-04UE1.tmp\is-BJ8DK.tmp" /SL4 $7032C "C:\Users\Pvigdnge\AppData\Local\Temp\7zSC3C4CFF3\setup.exe" 1923415 73728


									"C:\Users\Nwewevaq\AppData\Local\Temp\is-D95S6.tmp\setup.tmp" /SL5="$50354,2174056,54272,C:\Users\Nwewevaq\AppData\Local\Temp\7zSCEAF4580\setup.exe"


									"C:\Users\Zsvccmvh\AppData\Local\Temp\is-1BQSC.tmp\setup.tmp" /SL5="$130242,2172387,54272,C:\Users\Zsvccmvh\AppData\Local\Temp\7zS0436C01F\setup.exe"


									C:\WINDOWS\system32\msiexec.exe  /i  "C:\Users\Qpbvlufc\appdata\Roaming\bfbc2jb\Disk spin-up utility\install\3455E07\DiskSpinUp.msi"  AI_SETUPEXEPATH="C:\Users\Qpbvlufc\AppData\Local\Temp\7zS0A2676E5\setup.exe" SETUPEXEDIR="C:\Users\Qpbvlufc\AppData\Local\Temp\7zS0A2676E5\"


									"C:\Users\Gipkhqfo\AppData\Local\Temp\is-I40TQ.tmp\setup.tmp" /SL5="$60310,2172387,54272,C:\Users\Gipkhqfo\AppData\Local\Temp\7zS876CDEBC\setup.exe"


									"C:\Users\Hnmtpksj\AppData\Local\Temp\is-8HRFA.tmp\setup.tmp" /SL5="$70338,2172387,54272,C:\Users\Hnmtpksj\AppData\Local\Temp\7zS067B175D\setup.exe"


									"C:\Users\Rxeycjtn\AppData\Local\Temp\is-5MJNH.tmp\setup.tmp" /SL5="$9003E,2172387,54272,C:\Users\Rxeycjtn\AppData\Local\Temp\7zSCFFC1D40\setup.exe"


									"C:\Users\Uqgkyylk\AppData\Local\Temp\is-0FP3M.tmp\setup.tmp" /SL5="$60318,2172387,54272,C:\Users\Uqgkyylk\AppData\Local\Temp\7zS4154C70E\setup.exe"


									"C:\Users\Almutqdr\AppData\Local\Temp\is-U4CAB.tmp\setup.tmp" /SL5="$9035C,2172387,54272,C:\Users\Almutqdr\AppData\Local\Temp\7zS45FF64B7\setup.exe"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.NAO

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Downloader.ConsCorr

Trojan.Vapsup

Trojan.Vundo.HM

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen