Trojan.Dropper.FD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,144
Threat Level: 80 % (High)
Infected Computers: 147
First Seen: September 18, 2023
Last Seen: April 1, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Dropper.FD
Packers: UPX
Signature status: No Signature

Known Samples

MD5: 8d3e3ca5daae94cdd6994dc025ec2fa0
SHA1: 35dc98c6c70d6431d9f8b83e4fdc6bcf058153b0
SHA256: 0142428FD3201DDA277FA24FFC2284F00C7B9B81DB45B625A3CD8C33B1B16BC9
File Size: 4.29 MB, 4289234 bytes
MD5: 5739db8e9cae21dc5e004516c624a370
SHA1: 819d51a53c132f23b9bea107760303dab2ce0511
SHA256: 956470F749A5637C023A4449015C827251DB2DB70F7BFEE68BB4A69FF1BAD865
File Size: 4.57 MB, 4570388 bytes
MD5: b8c2a52661f7916ac72ff2f9db8f08b2
SHA1: c11b1060c0c417e53c6c4cd9b3df459c090d1730
SHA256: 41D1266D9596C81E729EC2E97929AC6A2EB5B90166AF9F953554BD36F5689533
File Size: 5.64 MB, 5639063 bytes
MD5: bf72eb757e1c81bdf308a956ff2577f6
SHA1: 969ca498284cd01f78820be6888db1d63ceefb72
SHA256: 8E2CABD5499C7E5A5AEC77EF3015FCD234E415F348D3B14A835F6590F359FD6E
File Size: 3.31 MB, 3305732 bytes
MD5: 75dbe5035be3a48d950f3c5b37c4b636
SHA1: 4a1868b77703bb7af8972f1fd020dc170631e4a7
SHA256: 928638183996E467F37B168B520E081CB0B9C5095807432D24A1105033C04F43
File Size: 610.15 KB, 610152 bytes
MD5: 84bd7be3be415fa1da2a36140c9fd243
SHA1: 0ab3cded15b05d583d35e80714787980fcb03122
SHA256: 4CA4ADB477F2C89E0875DBC608F966F5176230F9598B5E321390B44AF044B800
File Size: 7.92 MB, 7921859 bytes
MD5: 89f2229f3170526281b0e21c0cc0a76c
SHA1: cf91d10cde31d9c5908c43bade1b55958c8057d9
SHA256: 2E02804B1F4C99175424069542C88914E532A64DCA47CA27315A88F78237F415
File Size: 330.84 KB, 330843 bytes
MD5: 50a39be199a68c6c955d742885a167c6
SHA1: a74d936a22f091db824cb859a11bf13922802ec6
SHA256: 15FFBF387A631A8FAE5857CFBFEF90D02DB9FE86F7052F16F1C0E99ED9C01BF1
File Size: 3.73 MB, 3731561 bytes
MD5: 5519e99c6df9d3ecee6d6084147c7620
SHA1: 97b5c6635085b9b7b6d87be3af43c8532b3cfc59
SHA256: 6497047DAC64DB5E739B51C4E7503F2AAFDC8AA341083E69357380D34993D4EA
File Size: 2.20 MB, 2203114 bytes
MD5: 7b34f2ad5b02e5569f1580f519ac9901
SHA1: 4bac7a94d6fd0eee2f91366b31ddaf98675b67c2
SHA256: 0F294D41FA083E9FCAA0DCCE6DEF743F5E8DD43B9D0A52477CBAF6DEF17E7346
File Size: 3.44 MB, 3439460 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
File Description
  • Easy 7z Setup SFX @ SkyUN.Org
  • FormCeo
  • Mac book 二代鼠标驱动
  • SimUI封装
  • 软件商店
  • 马蹄更新绿色版客户端
File Version
  • 5.8.3.0
  • 1.0.0.0
  • 1.0
  • 1, 3, 0, 1307
Legal Copyright
  • Copyright © 2005-2009 Oleg N. Scherbakov
  • Copyright © 2015-2016 atghaiyang
  • Www.360.Cn
  • www.SimUI.net
  • Www.SysCeo.Com
  • 本程序由金刚狼绿化制作

File Traits

  • 7-zip (In Overlay)
  • 7-zip Installer
  • Installer Manifest
  • Installer Version
  • packed
  • x86

Block Information

Similar Families

  • Dropper.FD
  • OpenSUpdater.CD

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users Synchronize,Write Attributes
c:\users\administrator Synchronize,Write Attributes
c:\users\administrator\appdata Synchronize,Write Attributes
c:\users\administrator\appdata\local Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0 Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\background.html Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\background.html Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\css Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images\128.png Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images\128.png Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images\16.png Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images\16.png Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images\48.png Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\images\48.png Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\bg.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\bg.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\content.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\content.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\count-down.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\count-down.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\highcharts.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\highcharts.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\jquery-1.8.3.min.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\jquery-1.8.3.min.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\jquery.superslide.2.1.1.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\jquery.superslide.2.1.1.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\popup.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\popup.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\swiper-3.4.2.min.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\js\swiper-3.4.2.min.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\manifest.json Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\manifest.json Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\popup.html Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\popup.html Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilabg.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilabg.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilalist.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilalist.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilamain.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilamain.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilapop.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_0\static\huilapop.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\extensions\temp Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\preferencesv2 Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\preferencesv2 Synchronize,Write Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\secure preferences Generic Write,Read Attributes
c:\users\administrator\appdata\local\2345explorer\user data\default\secure preferences Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1 Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\background.html Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\background.html Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\css Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\128.png Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\128.png Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\16.png Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\16.png Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\48.png Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\48.png Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\bg.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\bg.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\content.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\content.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\count-down.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\count-down.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\highcharts.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\highcharts.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery-1.8.3.min.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery-1.8.3.min.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery.superslide.2.1.1.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery.superslide.2.1.1.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\popup.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\popup.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\swiper-3.4.2.min.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\swiper-3.4.2.min.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\manifest.json Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\manifest.json Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\popup.html Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\popup.html Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilabg.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilabg.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilalist.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilalist.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilamain.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilamain.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilapop.js Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilapop.js Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\extensions\temp Synchronize,Write Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\preferences Generic Write,Read Attributes
c:\users\administrator\appdata\local\360chrome\chrome\user data\default\preferences Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\bookmarks Generic Write,Read Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\bookmarks Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\favicons Generic Write,Read Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\favicons Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\preferences Generic Write,Read Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\preferences Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\secure preferences Generic Write,Read Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\secure preferences Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\top sites Generic Write,Read Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\top sites Synchronize,Write Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\web data Generic Write,Read Attributes
c:\users\administrator\appdata\local\maxthon\application\user data\maxthon guest profile\web data Synchronize,Write Attributes
c:\users\administrator\appdata\roaming Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6 Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1 Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\background.html Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\background.html Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\css Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\128.png Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\128.png Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\16.png Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\16.png Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\48.png Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\images\48.png Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\bg.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\bg.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\content.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\content.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\count-down.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\count-down.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\highcharts.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\highcharts.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery-1.8.3.min.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery-1.8.3.min.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery.superslide.2.1.1.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\jquery.superslide.2.1.1.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\popup.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\popup.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\swiper-3.4.2.min.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\js\swiper-3.4.2.min.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\manifest.json Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\manifest.json Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\popup.html Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\popup.html Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilabg.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilabg.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilalist.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilalist.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilamain.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilamain.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilapop.js Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\jpckkdidaeimbmfapdgopppnddboafdp\1.0.2_1\static\huilapop.js Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\extensions\temp Synchronize,Write Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\preferences Generic Write,Read Attributes
c:\users\administrator\appdata\roaming\360se6\user data\default\preferences Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsfx000.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_3oijmk2x.ov4.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_jel4qkc0.5r3.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msi7dec2.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mside84.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setup.hta Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setup.hta Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\personalfolder Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\personalfolder\multipointint Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\personalfolder\multipointint\resources.bin Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sgasred48+\personalfolder\multipointint\resources.bin Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\languages.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\languages.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\progbasec.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\progbasec.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\protoaeb.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\protoaeb.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sgasred48+\programfilesfolder\multipointint48+\sgas red48+\resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\setup.msi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sgasred48+\setup.msi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\systemfolder Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\systemfolder\redist Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sgasred48+\systemfolder\redist\ms Synchronize,Write Attributes

17 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::htafile_.hta RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\syswow64\mshta.exe.friendlyappname Microsoft (R) HTML Application host RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\syswow64\mshta.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.5794"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䑙焂鎐ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 闸ȁ ਪˣ鈯ˣ遙̃豤̃অˣ炑̃ 龡^濖̃賬̃#獖}偫~엦1਷ˣ邯̃뫯ʃeꙥžЂ엦1 ¶i ꙥžr֢vꙥž RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 灷䦤뫣ǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\software\wow6432node\360safe\liveup::mid RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute
  • ShellExecuteEx
  • WriteConsole
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Terminate
  • TerminateProcess
Network Winsock2
  • WSAStartup
Network Info Queried
  • GetAdaptersInfo
Network Winsock
  • gethostbyname
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges

Shell Command Execution

(NULL) SGASRED48+\setup.msi
(NULL) setup.hta
open C:\Users\Wciikjiy\AppData\Local\Temp\7ZSfx000.cmd
WriteConsole:
WriteConsole: c:\users\user\do
WriteConsole: del
WriteConsole: "c:\users\user\
WriteConsole: if
WriteConsole: exist "c:\users\
WriteConsole: goto
WriteConsole: Repeat
WriteConsole: "C:\Users\Wciik
WriteConsole: The batch file c
(NULL) Soft\XYSoftInstaller+248238+n4674af9b9c.exe
open PowerShell Add-MpPreference -ExclusionProcess "C:\Users\Whxdtayx\appdata\local\temp\soft\xysoftinstaller+248238+n4674af9b9c.exe"
