
Trojan.Downloader-Agent

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 8,840
Threat Level: 90 % (High)
Infected Computers: 3,552
First Seen: July 24, 2009
Last Seen: April 12, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
TrendMicro TROJ_AGENT.UDE
Symantec Packed.Generic.187
Sunbelt Trojan-Downloader.Drv32
Sophos Troj/Dloadr-BWK
Prevx1 High Risk Cloaked Malware
Panda Adware/VirusRemover2008
NOD32 Win32/TrojanClicker.Agent.NEB
Microsoft TrojanDownloader:Win32/Obvod.B
McAfee-GW-Edition Trojan.Clicker.EQ
McAfee Generic Downloader.z
Kaspersky Trojan-Downloader.Win32.Agent.ajtr
K7AntiVirus Trojan-Downloader.Win32.Agent
Ikarus Trojan-Dropper.Agent
Fortinet PossibleThreat
F-Secure Trojan-Downloader:W32/Agent.HUQ

File System Details

Trojan.Downloader-Agent may create the following file(s):
# File Name MD5 Detections
1. project675.exe a28b6cda3ffebe14ddc143726883a63b 8
2. FunSpace.Update.Process.exe 68df2dd194db756ccf7ddf4e30c61e51 1
3. U3L35MEA.exe c2b64b4de7a7a337d50e9f332b276a0c 0
4. ieaux.dll d3dd4da48a70a021da92663b7d15cf66 0
5. install_conga[1].exe 4338ea1110896eed2d5355f6ec3bf977 0
6. maindll.dll 6fd7896ae616a0ae52dd84c678944619 0
7. xd1_v115_241[1].exe 866a09db37cc2beec90053d033a9169f 0
8. ins21.exe, insD.exe, shopper[1].exe d8f943de4c76dac5fda7877d4ec04b94 0
9. ins13.exe, ins27.exe, ins30.exe, ins37.exe, ins6.exe 88b401bb0ba7139e30ca28ae2568d1d6 0
10. PuzzleDesktop.exe 9d9078307280a6945bef24a28d14b239 0
11. tmps.exe 9ad1bd3dfd3f2d31a2d6c388580b2af0 0

Registry Details

Trojan.Downloader-Agent may create the following registry entry or registry entries:
File name without path
free.exe
virus.bat

Analysis Report

General information

Family Name: Trojan.Agent
Signature status: No Signature

Known Samples

MD5: 034aeffe6d1b99d85c2471c1301ccc10
SHA1: 689ef15be29438e2b5c952e38006691e6df182ed
File Size: 3.17 MB, 3172985 bytes
MD5: 39105f8ac510efe7f5b7d6c67c2db0a7
SHA1: 52069a6f0f66c7f9192cba27899c728883f61eb7
File Size: 315.39 KB, 315392 bytes
MD5: a1bebca8b9618045a83ebf5f0dd25894
SHA1: 0bfd269195cbec4af7144009464410af04012bdf
File Size: 152.06 KB, 152064 bytes
MD5: 4e8bd96f56a7edc8e6e797ff1b2a8849
SHA1: 345bcf3ab1f384717a8829d07bfd45e96ba6c0c6
File Size: 712.70 KB, 712704 bytes
MD5: 79187c801cfeae8695908bda908ec6d2
SHA1: 4886e42d78068fdf0c81beffe41de0374d6cfee4
File Size: 3.17 MB, 3172985 bytes
MD5: 10eb5e49706f22a8deace0a2dbdc82c6
SHA1: 5b2f524fc0d7fe4fa7bf9d389ff2a8a6af51ac36
SHA256: 836AF134423747FED3A54E2F258D3C5165DDB010AEBE2DC88839988D1A733217
File Size: 259.07 KB, 259072 bytes
MD5: 982e02da0d1b4c14cf6514dfd6d8946c
SHA1: 79e005d1c8d12265766d41f989ad1c6b0175d3d1
SHA256: 51253A229E97D2BC8928021B690E5657937793E5A268B76CCA48E0AF7A0B4051
File Size: 4.32 MB, 4315648 bytes
MD5: 3fdd34dc0177d250c16ed3efdc807f0a
SHA1: f03ba3bc296375d6a7bf07fbdf37437d1bfa2e22
SHA256: A42F8140A82D6741B3A3D15A6215853AFA94E8FE8EEA27F7A134B0D00B934B5F
File Size: 5.46 MB, 5456384 bytes
MD5: df2e6b2e6960520c0f482741c79dc24a
SHA1: cb26843852dda20f03ab4998b6683f55ae2d3608
SHA256: 40AFEC8B1433B13EF1EF83579EAA332FAD5E1374319A68AF6DF7701E35397CBE
File Size: 5.43 MB, 5430784 bytes
MD5: e215575c3fee36bb0121f4db50257d7a
SHA1: 4423aacfad4fc1118c12cd66bf68aa4f236aa8a8
SHA256: 65E05A9375A7B380FB7D5015B473644EC879F418CAADE97F1808CBE6070D8EC6
File Size: 7.26 MB, 7264256 bytes
MD5: 400bd063c90795b3c746f56b20811552
SHA1: 1cf446bc8a5c1e1d06faeaedb7fe60f979ef8601
SHA256: FE45293CD5AE73720D20505E1706FF1E3A76A698CF9B5CC7F5319F27D888493A
File Size: 1.78 MB, 1782504 bytes
MD5: 91dfe7793d1ea3dea55f08435c4ea846
SHA1: 5bdb172a4954382270f8f028d02ce99e9f12c833
SHA256: 76320C125F0750F787868F351897BCE1F753FE7270D5361843CADCCD8419D71B
File Size: 84.48 KB, 84480 bytes
MD5: 80fbe78de0b2daca2c7d7713042c0647
SHA1: 0a28918f32111ab71bb3f37388d407056a54e6c7
SHA256: DEA17A69E716E42799EC824BD42D3C3438B76799792DD7AF92B82A10CD0BA972
File Size: 316.93 KB, 316928 bytes
MD5: 5ad3e10228e5e93cd23570ec095af782
SHA1: 36b07cc3f35c7250bfe20502a5825c16f399d30f
SHA256: 10CB893D05979F366FF7B5AB24D5882DD80998E1DA41226D1E171D4063935160
File Size: 9.64 MB, 9639936 bytes
MD5: ec3812058142c9ed90d7d86210d3a23d
SHA1: 61b90de3b1ecf016970ff127447087e7d6f10883
SHA256: F117BB2021A0D1B09ADB5CCA0788B41E5AFD9363B6A68255290721B89A862FA0
File Size: 3.56 MB, 3555840 bytes
MD5: 122b4555cb9cf6917f1878f66be1bd1c
SHA1: 8eaa3067768715e232067198fd96678f3641f476
SHA256: 83B17F02ED2989FD12F444F530903B12453BC39AB2056EFA501F1A6A21FC5ACE
File Size: 2.66 MB, 2657792 bytes
MD5: 5292c9e907ceb342aaefc84cea79bc17
SHA1: f37cedcb79a96452eefa5f1f4d147f1175c848de
SHA256: DBA129AFAFB0DC6FDBB679ACDDEA6913F6C634382181D492BB935A20FE41F0C8
File Size: 7.09 MB, 7089664 bytes
MD5: 540b2fe3233595acbb78b3727c44060c
SHA1: cd526ab1a8cac6534a246050d8dd777b01a88e44
SHA256: C485B5579657FF04723C13B5FEC610C64B232A0BEA58CCBF762235FE92104B6D
File Size: 6.16 MB, 6159650 bytes
MD5: aa63d45a59a56b52de7800435fdcd7c3
SHA1: 0f267739f02e29f12b1c4330cc8aebc229c8ed7c
SHA256: 2E74DD8170DA84126E8DFE0518DBF93BF885B749FCBBD4B082708C00CA6451C2
File Size: 5.81 MB, 5805056 bytes
MD5: 9feaebe9322d145f48db773922e1f13a
SHA1: 1d430da4ec12e9ca600297bcf96ae8ed83a6db63
SHA256: 530C43415B1051D4F78F42A78794D77CD1CF1396241C4483AA9F76A103E94121
File Size: 592.84 KB, 592840 bytes
MD5: 0fac71281a99eac04ff5a194e5eaa3bb
SHA1: 8bb11de30d5554f97cdb4b933eb0d9ddba01babf
SHA256: 0280C4EEBA7439BDCF880F013F7FE997CFAB2F0FC88D2C53BAE5DE097268ACF9
File Size: 3.17 MB, 3172985 bytes
MD5: 2a95bf1e1419bd4919291d32f7b4739e
SHA1: 25c7f86f6493491525428562b67480cb10ec6dbc
SHA256: 0BE31AAB41FB1740B176811377EEB2E59809C7A1D332F7F4C465BF7E9DAF406A
File Size: 9.28 MB, 9280512 bytes
MD5: 308c0dbf3bd27e1c9921c8d96811254b
SHA1: db536bf9ce28cb79c9635bd0e6e5cf1ac893a4b7
SHA256: B77B70F40D79362E0BE63822F3E7CFE36C645F884F0BB3A9FD4DB3BB2814D63F
File Size: 9.29 MB, 9293824 bytes
MD5: 663b423b5a1c8a4c4150a74c9676b486
SHA1: 430054e3e36424ea887a1d8af132f13d8e47c691
SHA256: FE854FFDE15094F31E014EC3EB93927D225D20A883D7904B02EDB2F4715BFC63
File Size: 1.08 MB, 1075712 bytes
MD5: 77ee84119fef893309aef2f157d9789c
SHA1: 72223e8d13eb9454937b92c7278c4d24baf34265
SHA256: A403109D774D94558BB54E75E17AA1597508C4AB79146959EDF772DEC6E9AAA8
File Size: 2.07 MB, 2068817 bytes
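
The digests above are the page's actionable IOCs; several cross-reference other sections (the SHA-1 cd526ab1a8cac6534a246050d8dd777b01a88e44 reappears as the Inno Setup stage in Files Modified and Shell Command Execution, and 36b07cc3f35c7250bfe20502a5825c16f399d30f as a WinDev 27.0 registry key). The following script is an added example, not the page's own tooling: it parses the MD5:/SHA1:/SHA256: lines of this section into IOC sets, computes all three digests of every file under a root in a single read, and reports exact matches. Only three entries are embedded; the rest of the list is pasted into KNOWN_SAMPLES_TEXT in the same format. The self_check() helper and its throwaway file are constructed for demonstration.

```python
"""Added example: sweep a directory for the page's known-sample hashes.

Not the page's own tooling. Parses the 'MD5:/SHA1:/SHA256:' lines of the
Known Samples section into IOC sets, hashes every file under a root once
(all three digests from a single read), and reports exact matches.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Three entries copied from the Known Samples list; paste the whole section
# here to cover every sample. Non-hash lines ("File Size: ...") are ignored.
KNOWN_SAMPLES_TEXT = """\
MD5: 034aeffe6d1b99d85c2471c1301ccc10
SHA1: 689ef15be29438e2b5c952e38006691e6df182ed
File Size: 3.17 MB, 3172985 bytes
MD5: 10eb5e49706f22a8deace0a2dbdc82c6
SHA1: 5b2f524fc0d7fe4fa7bf9d389ff2a8a6af51ac36
SHA256: 836AF134423747FED3A54E2F258D3C5165DDB010AEBE2DC88839988D1A733217
File Size: 259.07 KB, 259072 bytes
MD5: 540b2fe3233595acbb78b3727c44060c
SHA1: cd526ab1a8cac6534a246050d8dd777b01a88e44
SHA256: C485B5579657FF04723C13B5FEC610C64B232A0BEA58CCBF762235FE92104B6D
File Size: 6.16 MB, 6159650 bytes
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256):\s*([0-9a-fA-F]+)\s*$", re.MULTILINE)
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def parse_iocs(text):
    """Return {'md5': set, 'sha1': set, 'sha256': set}, lower-cased.
    A digest whose length does not fit its label (a truncated copy-paste)
    is dropped rather than silently never matching."""
    iocs = {algo: set() for algo in HEX_LEN}
    for label, digest in HASH_LINE.findall(text):
        algo, digest = label.lower(), digest.lower()
        if len(digest) == HEX_LEN[algo]:
            iocs[algo].add(digest)
    return iocs


def hash_file(path, chunk=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 in one pass, streaming large files."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_file(path, iocs):
    """List of (algo, digest) pairs for which `path` hits an IOC."""
    digests = hash_file(path)
    return sorted((a, d) for a, d in digests.items() if d in iocs[a])


def sweep(root, iocs):
    """Walk `root`; return {path: [(algo, digest), ...]} for files that hit.
    Files that cannot be read (locked, access denied) are skipped."""
    hits = {}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            matches = match_file(p, iocs)
        except OSError:
            continue
        if matches:
            hits[str(p)] = matches
    return hits


def self_check():
    """Constructed end-to-end check (no real sample involved): a throwaway
    file must not hit the page IOCs, but must hit an IOC set built from
    its own SHA-256. Returns (hits_against_page, hits_against_own)."""
    data = b"constructed benign content, not a malware sample"
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "constructed.bin"
        p.write_bytes(data)
        own = {"md5": set(), "sha1": set(),
               "sha256": {hashlib.sha256(data).hexdigest()}}
        return sweep(d, parse_iocs(KNOWN_SAMPLES_TEXT)), sweep(d, own)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matches in sweep(root, parse_iocs(KNOWN_SAMPLES_TEXT)).items():
        print(path, matches)
```

Hash matching only catches byte-identical copies; the File System Details table shows the same family shipping under many file names, so the sweep keys on digests and ignores names entirely.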

Windows Portable Executable Attributes

The attributes below are the union over every known sample, not a description of one file; that is why mutually exclusive entries (32-bit and 64-bit, has exports table and doesn't have exports table, .NET and Native) appear side by side.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
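
Every bullet in that list is read from a few fixed header fields: the Characteristics word of IMAGE_FILE_HEADER (IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE), the optional-header Magic (PE32 vs PE32+), the Subsystem field, and the data directories (export, base relocation, debug, security/certificate, TLS, CLR runtime header for .NET). The following reader is an added example, not the page's analysis engine; it uses only struct, and build_minimal_pe() constructs a headers-only PE (not loadable, no sections) so the reader can be exercised without a real sample.

```python
"""Added example: derive the PE attributes listed above from raw headers.

Not the page's own analysis code. A dependency-free reader for the header
fields those bullets come from, plus a builder for a constructed,
headers-only PE so the reader can be exercised without a real sample.
"""
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
SUBSYSTEM = {2: "GUI (IMAGE_SUBSYSTEM_WINDOWS_GUI)",
             3: "console (IMAGE_SUBSYSTEM_WINDOWS_CUI)"}
# Data-directory indices (IMAGE_DIRECTORY_ENTRY_*)
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_TLS, DIR_CLR = 0, 4, 5, 6, 9, 14


def pe_attributes(data):
    """Return the attribute dict for one PE image given its bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if pe32plus else 92)               # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def present(idx):
        # A directory counts as present only if it exists, fits in the
        # optional header, and has a non-zero RVA and size.
        if idx >= ndirs or ndirs_off + 12 + 8 * idx > opt + opt_size:
            return False
        rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * idx)
        return rva != 0 and size != 0

    return {
        "is_64bit": pe32plus,
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEM.get(subsystem, "other(%d)" % subsystem),
        "dotnet": present(DIR_CLR),              # CLR runtime header => .NET assembly
        "has_exports": present(DIR_EXPORT),
        "has_relocations": present(DIR_BASERELOC),
        "has_debug": present(DIR_DEBUG),
        "has_security": present(DIR_SECURITY),   # Authenticode certificate table
        "has_tls": present(DIR_TLS),
        # The Rich header sits between the DOS stub and the PE signature.
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],
    }


def build_minimal_pe(pe32plus=False, dll=False, gui=True, present_dirs=()):
    """Constructed headers-only PE (no sections, not loadable): enough for
    pe_attributes() to read. `present_dirs` lists directory indices to
    populate with a non-zero RVA and size."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224          # standard sizes with 16 directories
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, 2 if gui else 3)
    ndirs_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, ndirs_off, 16)
    for idx in present_dirs:
        struct.pack_into("<II", opt, ndirs_off + 4 + 8 * idx, 0x1000 + 0x100 * idx, 0x40)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, pe_attributes(fh.read()))
```

"has_security" answers whether a certificate table is present, not whether the signature verifies; the page's "Signature status: No Signature" and "File doesn't have security information" are the same observation made on an unsigned file.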

Windows PE Version Information

Name Value
Assembly Version
  • 9.0.0.0
  • 3.3.0.0
  • 1.1.12.6
  • 1.0.0.0
  • 0.0.0.0
Comments
  • C#-Mnemonic ver.9.0.0 pre-release
  • Control Panel for KetcauSoft' Application
  • Launcher & Patcher
  • This installation was built with Inno Setup.
Company Name
  • Audi AG
  • ETH ticker Ethereum ticker
  • GENERATION NT
  • LTPTeam
  • Microsoft
  • NL-X
  • The Classic PW - Genesis
  • The Classic PW - Mar em Fúria
  • TML
  • Weapons of War New Generation Inc.
  • WEFLY Structure JSC
  • www.kreo-tech.com
  • XopMC
  • Youxiland Co. Ltd.
File Description
  • C#-Mnemonic-hash160
  • Client Login Program
  • ETH ticker Ethereum ticker 1.0.0.0
  • GESTION DE POLYCLINIQUE
  • Isaeva
  • KCS Inside
  • Laptop Battery Analyzer
  • Macro X Evolution
  • MuUpdater
  • NL-X
  • pwprotector
  • SD Creator
  • Setup/Uninstall
  • UNDERTALE Engine
  • Weapons of War New Generation
File Version
  • 51.1052.0.0
  • 9.0.0
  • 3.3.0.0
  • 1.11W
  • 1.1.12.6
  • 1.0.0.0
  • 1, 0, 0, 1
  • 0.1.0.3
  • 0.0.0.0
Internal Name
  • C#-Mnemonic-hash160.dll
  • Isaeva.exe
  • KCS Inside.exe
  • Login.dat
  • ModisEvolution.exe
  • MuUpdater.exe
  • NL-X.dll
  • NLBA_LaptopBatteryAnalyzer.exe
  • NL Hybrid.dll
  • pwprotector.exe
  • SdUpdater2.exe
  • setup
  • WoWNewGen.exe
Legal Copyright
  • 2018~2021 TML
  • 2024 (c) ETH ticker Ethereum ticker
  • Copyright (C) 2004 Youxiland Co. Ltd. All rights reserved.
  • Copyright KetcauSoft © 2012
  • Copyright © 2015-2022 AUDI AG
  • Copyright © 2020
  • Copyright © 2022 Instant, Inc.
  • Copyright © 2023
  • Copyright © 2026
  • Copyright © 2026 Weapons of War New Generation.
  • Copyright © GENERATION NT 2008
  • Copyright © LTPTeam 2016
  • Copyright © Microsoft 2015
  • t.me/brythbit by @XopMC
Legal Trademarks KetcauSoft
Original Filename
  • C#-Mnemonic-hash160.dll
  • Isaeva.exe
  • KCS Inside.exe
  • Login.dat
  • ModisEvolution.exe
  • monitor_prog.exe
  • MuUpdater.exe
  • NL-X.dll
  • NLBA_LaptopBatteryAnalyzer.exe
  • NL Hybrid.dll
  • pwprotector.exe
  • SdUpdater2.exe
  • setup-win32-bundle.exe
  • WoWNewGen.exe
Private Build 01.00.00.00
Product Name
  • C#-Mnemonic-hash160
  • Client Login Program
  • ETH ticker Ethereum ticker 1.0.0.0
  • GntMedDocteur
  • Isaeva
  • KCS Inside 2024
  • Laptop Battery Analyzer
  • Launcher & Auto Update
  • Macro X Evolution
  • monitor_prog
  • MuUpdater
  • NL-X
  • pwprotector
  • SD-Creator
  • The Classic PW - Genesis
  • The Classic PW - Mar em Fúria
  • UNDERTALE Engine
Product Version
  • 44
  • 36
  • 31
  • 9.0.0
  • 3.3.0.0
  • 1.11W
  • 1.1.12.6
  • 1.0.0.0
  • 1.0.0
  • 1.0
  • 1, 0, 0, 1
  • 0.1.0.3
  • 0.0.0.0
Version 1.11W
W D Version 27.0

File Traits

  • .NET
  • 00 section
  • 2+ executable sections
  • Agile.net
  • big overlay
  • CAB (In Overlay)
  • Confuser
  • Fody
  • GenKrypt
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • NewLateBinding
  • No Version Info
  • ntdll
  • Reactor
  • Reflective
  • RijndaelManaged
  • VirtualQueryEx
  • Wix
  • WixToolset Installer
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 416
Potentially Malicious Blocks: 0
Whitelisted Blocks: 414
Unknown Blocks: 2

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Emotet.CDD
  • Injector.AK
  • Lumma.GFD
  • MSIL.Agent.GDE
  • MSIL.Agent.OAAR
  • MSIL.BadJoke.XF
  • MSIL.BlackGuardStealer.A
  • MSIL.Brute.BGF
  • MSIL.Brute.GFA
  • MSIL.DllInject.LE
  • MSIL.Filecoder.GG
  • MSIL.Gamehack.JS
  • MSIL.Heracles.IP
  • MSIL.Injector.FSA
  • MSIL.Tedy.F
  • MSIL.Tedy.NN
  • Remcos.AI
  • Rugmi.IA
  • Sheloader.A
  • Sheloader.C
  • Stealer.KF
  • Zenpak.C

Files Modified

File Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\972ae312b9b3458a8bb8df383a9fb2b1\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a634fbb351864c07b1d9d3e2e2924438\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gde6n.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lroid.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\temp0.jar Generic Write,Read Attributes
c:\users\user\appdata\local\temp\temp1.jar Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex (binary data) RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2::mrulistex (binary data) RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\94\shell::sniffedfoldertype Downloads RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\pc soft\windev\27.0\appli\36b07cc3f35c7250bfe20502a5825c16f399d30f_0009639936::last_framework 270103j RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 143.0.3650.96 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count  RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetContextThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtSuspendThread
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects

10 additional items are not displayed above.

Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Network Winsock2
  • WSASend
  • WSASocket
  • WSAStartup
Network Winsock
  • connect
  • gethostbyname
  • inet_addr
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecute
Keyboard Access
  • GetKeyState

Shell Command Execution

"C:\Users\Nztewlcq\AppData\Local\Temp\is-GDE6N.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp" /SL5="$60302,5666415,214528,c:\users\user\downloads\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650"
jview.exe /cp:p "C:\Users\Hxejqwsr\AppData\Local\Temp\temp0.jar
open http://www.java.com
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/
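
The four command lines above describe a recognisable sequence: an Inno Setup installer re-launching its unpacked copy from %TEMP%\is-GDE6N.tmp, the legacy Microsoft JVM loader jview.exe executing a .jar dropped in the user's Temp directory, and the browser being pointed at java.com. The following hunt is an added example, not the page's own detection content. It runs three rules over constructed process-creation records (Image/CommandLine pairs built from the page's lines plus one benign control); the rule names are this example's own, and the parsing of /SL5="$hwnd,offset,offset,<original installer path>" assumes Inno Setup's setup-loader argument layout, with the last field being the path of the installer that did the unpacking.

```python
"""Added example: hunt rules over process-creation events, derived from the
command lines recorded on this page. Not the page's own detection content;
the event records are constructed from the page's lines plus one benign
control, and the rule names are this example's own.
"""
import ntpath
import re

# Constructed events: Image/CommandLine pairs. The first three come from the
# page's Shell Command Execution list; the last is a benign control.
EVENTS = [
    {"Image": r"C:\Users\Nztewlcq\AppData\Local\Temp\is-GDE6N.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp",
     "CommandLine": r'"C:\Users\Nztewlcq\AppData\Local\Temp\is-GDE6N.tmp\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650.tmp" /SL5="$60302,5666415,214528,c:\users\user\downloads\cd526ab1a8cac6534a246050d8dd777b01a88e44_0006159650"'},
    {"Image": "jview.exe",
     "CommandLine": r'jview.exe /cp:p "C:\Users\Hxejqwsr\AppData\Local\Temp\temp0.jar'},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\Users\user\Documents\notes.txt'},
]

# Inno Setup's loader re-launches its unpacked copy from {tmp}\is-XXXXX.tmp with
# /SL5="$hwnd,offset,offset,<original installer path>" (assumed layout; the last
# field is the path to pivot on).
RX_SL5 = re.compile(r'/SL5="?\$[0-9A-Fa-f]+,\d+,\d+,([^"]+)"?', re.IGNORECASE)
RX_INNO_TMP = re.compile(r"\\AppData\\Local\\Temp\\is-[A-Z0-9]+\.tmp\\", re.IGNORECASE)
RX_TEMP_JAR = re.compile(r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\"\s]*\.jar",
                         re.IGNORECASE)
RX_URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def hunt(events):
    """Return a list of (rule, event_index, detail) findings."""
    findings = []
    for i, ev in enumerate(events):
        image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
        base = ntpath.basename(image).lower()
        # 1. Inno Setup second stage running out of %TEMP%\is-*.tmp: record the
        #    original installer path so the dropper itself can be collected.
        if RX_INNO_TMP.search(image):
            m = RX_SL5.search(cmd)
            findings.append(("inno_setup_stage", i, m.group(1) if m else image))
        # 2. Legacy MS JVM loader (jview.exe) executing a .jar from the user's
        #    Temp directory; anomalous where that runtime is not in use.
        if base == "jview.exe":
            m = RX_TEMP_JAR.search(cmd)
            if m:
                findings.append(("jview_jar_from_temp", i, m.group(0)))
        # 3. A URL handed to any process on its command line (here the browser
        #    being pointed at java.com after the jar stage).
        for url in RX_URL.findall(cmd):
            findings.append(("url_on_cmdline", i, url))
    return findings


if __name__ == "__main__":
    for rule, idx, detail in hunt(EVENTS):
        print(f"{rule:22s} event={idx} {detail}")
```

Rule 1 on its own fires on every Inno Setup installer, so it is a pivot (collect and hash the original installer, then compare against the Known Samples list) rather than an alert; rules 2 and 3 are what make the chain on this page stand out.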
