Trojan.Ekstak.DB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,007
Threat Level: 80 % (High)
Infected Computers: 78,648
First Seen: June 2, 2017
Last Seen: April 20, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Ekstak.DB
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.1.0.0
Comments
  • Free Shredder Utillity 🙂
  • Freeware
  • Made in Ukraine
  • Mass renamer for files
  • Part of Auslogics Programs
  • Save your configurations
  • This installation was built with Inno Setup.
  • This is a companion to FileAlyzer.
  • VideoGet - software for downloading online video
  • Voicemeeter APA, Audio Processing Application
  • VOVSOFT
Company Name
  • 3delite
  • ACE Lab
  • Ainvo Group
  • AMS Software
  • Auslogics
  • BackupFly Software
  • Bcebyte
  • BK Software
  • BT Software
  • C-FH
  • CA Software
  • CE Software
  • ChampLab
  • Codium Labs LLC
  • CT Software
  • CV Software
  • CWTuning Software
  • DataNumen, Inc.
  • DE SOftware
  • DIG Software
  • DK Software
  • DVDInfoPro Elite
  • DV Software
  • EAP Software
  • FDRLab Data Recovery Centre
  • H&M System Software GmbH
  • Homeer Software
  • JackRob
  • JerkSoft
  • Kurkov Software
  • Lyd phtjuc
  • MindGems, Inc.
  • Nuclear Coffee Software
  • Online Media Technologies Ltd.
  • PlayStat
  • Pow Tools
  • Safer Networking Limited
  • SCEbyte
  • SlimWare Utilities, Inc.
  • Tiger grp
  • Ubisoft
  • Viki Software
  • Vitaliy Levchenko Software
  • VITSOFT ®
File Description
  • Ainvo Disk Defrag
  • Ainvo Disk Explorer
  • Application update utility
  • AVS Video Burner
  • AYA NEO Drive
  • BackupFly GUI Part
  • Batch file renaming utility
  • BK Store Pack
  • Bootlogger for Windows
  • BTA micro series
  • Business Card Designer Plus
  • cache viewer
  • CE Photo Editor
  • ChampLab Screen Recorder
  • Chasys Draw IES Converter
  • CloseApplication
  • CTV Game Plugin
  • CV viewer plugin
  • Design Pro Studio
  • Digest Feedback
  • Disk Write Copy управляющая программа
  • DKIM Authenticator library
  • DrawPad Graphic Design Software
  • DVDInfoPro Setup
  • DV Sample Construct
  • EAP Game Console
  • EB MP4 Downloader
  • Effector Saver 3
  • EncMgr
  • Equal Math Calculator
  • FileMenu Tools
  • File Shredder
  • Folder list and analysis tool
  • Font Runner
  • FotoSketcher
  • Gamelogger for Windows
  • Gaming PC
  • HEIC Converter
  • JackRob Screen Recorder
  • Lyd xvwogc
  • Mass files renamer
  • Migration Module
  • MvAudioInfo
  • Officiis Setup
  • OrangeCD Player
  • Puran Delete Empty Folders
  • S.M.A.R.T. Vision Utility
  • Save your configurations
  • Shell Extension
  • Simple 8x8 Audio Matrix for Voicemeeter Output BUS
  • SlimCleaner
  • StudioLine Starter File
  • TaggedFrog
  • TUGZip archiver
  • Ubisoft Connect WebCore
  • VideoGet
  • Vit Uninstall Manager - for Windows XP/VISTA/7/8
  • Volume Peak Meter
  • Website Screenshot Generator
  • Windows shell context menu editor for ImBatch
  • WinTuning Clipboard Monitor
  • WinTuning Software Manager
  • ФотоВИНТАЖ
  • Экранная Камера
File Version
  • 142.2.10887.18
  • 23.8.9.9
  • 19.10.9900
  • 12.24.2.0
  • 12.1.7454.7000
  • 11.0.0.379
  • 10.24.0.525
  • 10.24.0.524
  • 9.7.0.94
  • 8.3
  • 8.2.0.0
  • 7.6.0.0
  • 7.3.3.3
  • 7.0.5.100
  • 6.7.2608.9821 (aaah.180438-1885)
  • 6.7.0.1
  • 6.5.9.28930
  • 6.05.0002
  • 5.0.7.0
  • 5.0.0.0
  • 5, 65, 1194, 0
  • 5, 30, 7, 16
  • 5, 30, 1, 0
  • 4.21.0.1809
  • 4.5.2023.606
  • 4.5.2023.16
  • 4.2.6.30
  • 4.1.0.1796
  • 4.1.0.1791
  • 4.1.0.15
  • 4, 1, 1, 1
  • 3.5.5.28
  • 3.3.33.11
  • 3.3.8.0
  • 3.2.4.155
  • 3.0.18.1
  • 3.0.6.5
  • 3, 4, 1, 5
  • 2.8.5.202
  • 2.5.721.0
  • 2.5.6.2
  • 2.5.5.57
  • 2.5.5.4
  • 2.5.0.0
  • 2.4.11.3
  • 2.4.9.25
  • 2.4.9.21
  • 2.4.9.10
  • 2.4.9.9
  • 2.4.8.30
  • 2.4.8.29
  • 2.4.8.18
  • 2.4.8.14
  • 2.4.8.7
  • 2.4.7.29
  • 2.4.7.17
  • 2.4.1.65
  • 2.3.9
  • 2.2.8.6
  • 2.0.0.5489
  • 2.0.0.0
  • 2,4,1,470
  • 1.10.21.4
  • 1.6.3.233
  • 1.6.0.3
  • 1.5.3.1
  • 1.5.1.11
  • 1.5.0.3569
  • 1.5.0.0
  • 1.3.90.129009
  • 1.3.1.0
  • 1.2.4.134
  • 1.2.0.1
  • 1.1.7.11
  • 1.1.0.15
  • 1.0.20.124969
  • 1.0.11.23
  • 1.0.6.160
  • 1.0.3.22
  • 1.0.0.59
  • 1.0.0.1
  • 1.0.0.0
  • 1, 0, 1, 1
  • 1, 0, 0, 4
  • 0, 1, 1, 3
Internal Name
  • AcroBroker.exe
  • AYA NEO Drive
  • BACKSVC.EXE
  • BACKUPFLY.EXE
  • BCDP
  • Bcebyte.exe
  • BK Store Pack
  • Bootlogger.exe
  • BTA micro series
  • C-FH
  • cache viewer
  • CE Photo Editor
  • ChampLab Screen Recorder
  • ClipboardMonitor.exe
  • cmdfmt.exe
  • ContextMenuEditor
  • Converter
  • CTV Game Plugin
  • CV viewer plugin
  • Delete Empty Folders.exe
  • Design Pro Studio
  • Digest Feedback
  • DiskWriteCopy.exe
  • DivRecorder.exe
  • DKIM Authenticator library
  • DrawPad
  • DV Sample Construct
  • EAP Game Console
  • Easy Update
  • EncMgr
  • Equal Math Calculator
  • FFRestorer
  • File Shredder
  • FoldAlyzer
  • FoRunner.exe
  • Gamelogger.exe
  • Gaming PC.exe
  • GerbView
  • HEIC Converter
  • IsthAux
  • libEGL
  • Migration Utility
  • MSICompat.exe
  • mvAudioInfo
  • NikSaver
  • PhotoVintage
  • RemManager.exe
  • renamus.exe
  • S.M.A.R.T. Vision
  • SCREENCAPTURE
  • shellextension
  • SlimCleaner
  • StudioLine
  • TaggedFrog.exe
  • Tiger Files Renamer
  • TUGZip
  • VideoGet
  • Vit Uninstall Manager
  • web core
  • Website Screenshot Generator
Legal Copyright
  • (c) Codium Labs LLC, 2022
  • 2007.
  • ACE Laboratory 1991-2010
  • Ainvo Group
  • Copyright (C) 2001-2023, JerkSoft
  • Copyright (C) 2004-2013 VitSoft ®
  • Copyright (C) 2008
  • Copyright (C) 2022
  • Copyright (C) 2023
  • Copyright 2001-2014 by DataNumen, Inc.
  • Copyright Vitaliy Levchenko Software
  • Copyright © 2008-2020 Auslogics Labs Pty Ltd
  • Copyright © 2011 3delite
  • Copyright © Nuclear Coffee
  • MindGems, Inc.
  • NikSaver
  • Online Media Technologies Ltd. 2020
  • © 2003-2008 Safer Networking Limited. All Rights reserved.
  • © AMS Software, 2003-2020
Legal Trademarks
  • Ainvo Group
  • Copyright © 2008-2020 Auslogics Labs Pty Ltd
  • Copyright © 2011 3delite
  • CWTuning Software
  • FileAlyzer and FoldAlyzer are trademarks by Safer Networking Limited.
  • GerbView
  • NikSaver
Original Filename
  • AcroBroker.exe
  • avi_previewer.exe
  • AVSVideoBurner.exe
  • AYA NEO Drive
  • BACKSVC.EXE
  • BACKUPFLY.EXE
  • BCDP.EXE
  • Bcebyte.exe
  • BK Store Pack
  • Bootlogger.exe
  • BTA micro series
  • C-FH
  • cache viewer
  • CE Photo Editor
  • ChampLab Screen Recorder
  • ClipboardMonitor.exe
  • cmdfmt.exe
  • ContextMenuEditor.exe
  • Converter.exe
  • CTV Game Plugin
  • CV viewer plugin
  • Delete Empty Folders.exe
  • Design Pro Studio
  • Digest Feedback
  • DiskWriteCopy_Exe.exe
  • DivRecorder.exe
  • DKIM Authenticator library
  • DrawPad.exe
  • DV Sample Construct
  • EAP Game Console
  • EasyUpdate.exe
  • EncMgr.exe
  • FFRestorer
  • FoldAlyzer.exe
  • FoRunner.exe
  • fsc.exe
  • Gamelogger.exe
  • Gaming PC.exe
  • GerbView.EXE
  • IsthAux.exe
  • libEGL.EXE
  • Migrate.exe
  • MSICompat.exe
  • mvAudioInfo
  • NikSaver
  • ORANGECD.EXE
  • PhotoVintage.exe
  • PlayStat.exe
  • recorder.exe
  • RemManager.exe
  • Renamer.exe
  • renamus.exe
  • S.M.A.R.T. Vision
  • SCREENCAPTURE.EXE
  • shellextension
  • Shredder.exe
  • SlimCleaner.EXE
  • StudioLinePhoto.exe
  • TaggedFrog.exe
  • TUGZip.exe
  • UplayWebCore.exe
  • VideoGet.exe
  • Vit Uninstall Manager.exe
  • Volume Peak Meter
  • wsgen.exe
Product Name
  • Ainvo Disk Defrag
  • Ainvo Disk Explorer
  • Avi Previewer DEMO
  • AVS Video Burner
  • AYA NEO Drive
  • BackupFly
  • Bcebyte
  • BK Store Pack
  • BootRacer
  • BTA micro series
  • Business Card Designer Plus
  • cache viewer
  • CE Photo Editor
  • ChampLab Screen Recorder
  • CloseApplication
  • cmdfmt
  • Context Menu Editor
  • CTV Game Plugin
  • CV viewer plugin
  • Design Pro Studio
  • Digest Feedback
  • DKIM Authenticator library
  • DrawPad
  • DVDInfoPro
  • DV Sample Construct
  • EAP Game Console
  • Easy Update
  • EB MP4 Downloader
  • Effector Saver 3
  • EncMgr
  • FFRestorer
  • File Shredder
  • FoldAlyzer
  • FoRunner.exe
  • FotoSketcher
  • Gamelogger
  • Gaming PC
  • GerbView
  • HEIC Converter
  • JackRob Screen Recorder
  • libEGL
  • Migration Module
  • mvAudioInfo
  • NikSaver
  • Officiis
  • OrangeCD Suite
  • PlayStat
  • Puran Delete Empty Folders
  • Rename Us
  • S.M.A.R.T. Vision
  • Shared Library
  • SlimCleaner Application
  • SpeedCommander
  • StudioLine
  • TaggedFrog
  • Tiger Files Renamer
  • TUGZip
  • Ubisoft Connect
  • VideoGet
  • Vit Uninstall Manager™
  • Website Screenshot Generator
  • WinTuning Utilities
  • ФотоВИНТАЖ
  • Экранная Камера
Product Version
  • 142.2.10887.18
  • 23.8.9.9
  • 19.10
  • 12.1.7454.7000
  • 11.0.0.379
  • 10.24.0.525
  • 10.24.0.524
  • 9.7.0.94
  • 8.90
  • 8.3
  • 8.2.0.0
  • 7.3.3.3
  • 7.3.0.0
  • 7.0.5.100
  • 6.7.2608.9821
  • 6.5.9.28930
  • 6.1.0.1
  • 6.05.0002
  • 6.0.1899
  • 5.3.5.10
  • 5.0.7.0
  • 5.0
  • 5, 65, 1194, 0
  • 5, 30, 7, 16
  • 5, 30, 1, 0
  • 4.21
  • 4.5.2023.16
  • 4.2.6
  • 4.1.0.1791
  • 4.1.0.15
  • 4.0.0.0
  • 4, 1, 1, 1
  • 3.5.5.28
  • 3.3.33.11
  • 3.3.7.1
  • 3.2.4.155
  • 3.0.6.5
  • 3.0
  • 3, 4, 1, 5
  • 2.8.5
  • 2.5.6.2
  • 2.5.5.4
  • 2.5.0.0
  • 2.5
  • 2.4.11.3
  • 2.4.9.25
  • 2.4.9.21
  • 2.4.9.10
  • 2.4.9.9
  • 2.4.8.30
  • 2.4.8.29
  • 2.4.8.18
  • 2.4.8.14
  • 2.4.8.7
  • 2.4.7.29
  • 2.4.7.17
  • 2.4.1.65
  • 2.3.9
  • 2.2.8.6
  • 2.0.0.0
  • 2,4,1,470
  • 1.52
  • 1.10.21.4
  • 1.6.0.3
  • 1.5.1.11
  • 1.5.0.3569
  • 1.5.0.0
  • 1.3.90.129009
  • 1.3.0.1
  • 1.3
  • 1.2.4.134
  • 1.2.0.1
  • 1.1.7.11
  • 1.1.3
  • 1.1.0.15
  • 1.0.20.124969
  • 1.0.11.23
  • 1.0.3.22
  • 1.0.0.59
  • 1.0.0.1
  • 1.0.0.0
  • 1.0
  • 1, 0, 1, 1
  • 1, 0, 0, 4
Program ID com.embarcadero.CloseApplication

File Traits

  • 2+ executable sections
  • HighEntropy
  • imgui
  • Installer Version
  • No Version Info
  • upx
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 2,483
Potentially Malicious Blocks: 66
Whitelisted Blocks: 1,174
Unknown Blocks: 1,243

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\program files (x86)\dvdinfopro\changelog.rtf Synchronize,Write Data
c:\program files (x86)\dvdinfopro\dvdinfo.chm Synchronize,Write Data
c:\program files (x86)\dvdinfopro\dvdinfo.exe Synchronize,Write Data
c:\program files (x86)\dvdinfopro\dvdinfopro.dll Synchronize,Write Data
c:\program files (x86)\dvdinfopro\gdiplus.dll Synchronize,Write Data
c:\program files (x86)\dvdinfopro\graphic templates.zip Synchronize,Write Data
c:\program files (x86)\dvdinfopro\is-28h0k.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-2cdq0.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-4maol.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-bhe37.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-d67d3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-df9gl.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-dnbgg.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-ef9c3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-g11gk.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-looer.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\is-rjoo5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\madlldlib.dll Synchronize,Write Data
c:\program files (x86)\dvdinfopro\magicburner.chm Synchronize,Write Data
c:\program files (x86)\dvdinfopro\unins000.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dvdinfopro\unins000.exe Synchronize,Write Data
c:\program files (x86)\dvdinfopro\webupdate.dll Synchronize,Write Data
c:\programdata\microsoft\windows\start menu\programs\dvdinfopro\dvdinfopro.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1ls8j.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-9vrij.tmp\dbfdc079d734aa3c35cee2d3547d638e91245d8a_0005572144.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-aucu8.tmp\0abb830c7c1bc14a50ac4fca05fda04688c1877c_0005679418.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qun3t.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-qun3t.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-qun3t.tmp\est.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qun3t.tmp\est.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-qun3t.tmp\sqlite3.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::inno setup: setup version 5.6.0 (a) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::inno setup: app path C:\Program Files (x86)\DVDInfoPro RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::installlocation C:\Program Files (x86)\DVDInfoPro\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::inno setup: icon group DVDInfoPro RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::inno setup: user Huuwrhtc RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::inno setup: language english RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::displayname DVDInfoPro 7.7.0.2 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::uninstallstring "C:\Program Files (x86)\DVDInfoPro\unins000.exe" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::quietuninstallstring "C:\Program Files (x86)\DVDInfoPro\unins000.exe" /SILENT RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::publisher DVDInfoPro Elite RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::urlinfoabout http://www.dvdinfopro.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::helplink http://www.dvdinfopro.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::urlupdateinfo http://www.dvdinfopro.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::nomodify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::norepair  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::installdate % RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\dvdinfopro_is1::estimatedsize RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Process Shell Execute
  • CreateProcess
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Network Winsock
  • closesocket
  • gethostbyname
  • send
Encryption Used
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Huuwrhtc\AppData\Local\Temp\is-9VRIJ.tmp\dbfdc079d734aa3c35cee2d3547d638e91245d8a_0005572144.tmp" /SL5="$80054,5243241,197632,c:\users\user\downloads\dbfdc079d734aa3c35cee2d3547d638e91245d8a_0005572144"
"C:\Program Files (x86)\DVDInfoPro\DvdInfo.exe"
"C:\Users\Uehgiokf\AppData\Local\Temp\is-AUCU8.tmp\0abb830c7c1bc14a50ac4fca05fda04688c1877c_0005679418.tmp" /SL5="$50330,5294083,119296,c:\users\user\downloads\0abb830c7c1bc14a50ac4fca05fda04688c1877c_0005679418"
"C:\Users\Uehgiokf\AppData\Local\Temp\is-QUN3T.tmp\Est.exe" 8183fa514669b459ab338f2e511bd628
