Trojan.MSIL.Small

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,166
Threat Level: 80 % (High)
Infected Computers: 9,492
First Seen: August 28, 2016
Last Seen: April 22, 2026
OS(es) Affected: Windows

File System Details

Trojan.MSIL.Small may create the following file(s):
# File Name MD5 Detections
1. file.exe 7ecba17113fcf0bc03054c7614c6244e 0

Analysis Report

General information

Family Name: Trojan.MSIL.Small
Signature status: Root Not Trusted

Known Samples

MD5: 84d67a475ae926201d53c3dabf507f8a
SHA1: d2c9d80d160bf51baa83d349bb7d84240cda0142
SHA256: F6A181E4513A0F7C197B9D10D95915B6377C34EB38B1FCA15154223078595748
File Size: 8.58 MB, 8581632 bytes

MD5: 240b40a4f66eb39f44800b61f84f9340
SHA1: c7687105834e3fc15a46e51f67bccd68b51aa5f4
SHA256: 4E97BE78A16F1F5F2751C78315D64962DF87ED4FA4A5A796DB52E53E83DEECDB
File Size: 6.14 KB, 6144 bytes

MD5: d3a7afd343457675829bf85e8dba3a24
SHA1: 85bd0f482e23e5e96ccbcfbe73af6d47d74f1b3a
SHA256: 60D52B3E92DB7CD20138AD5ACC3C5883953A77678B2A046713B35217B07220CB
File Size: 6.14 KB, 6144 bytes

MD5: 96cc565ef089b29e364d18b7f5697c9c
SHA1: b38e9d5238afb954ba93f63c57105176decc1b2d
SHA256: AA09D032FCFD67BA1171B848FFB5EF115C66B58515B74FEC062E6EAD163833D4
File Size: 905.24 KB, 905240 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 2.1.8881.31507
Comments GoLabel
File Description GoLabel
File Version
  • 2.1.8881.31507
  • 0.0.0.0
Internal Name
  • CheckPortJS.exe
  • findPID.exe
  • GoLabel.exe
Legal Copyright Copyright © 2012
Legal Trademarks BP
Original Filename
  • CheckPortJS.exe
  • findPID.exe
  • GoLabel.exe
Product Name GoLabel
Product Version 2.1.8881.31507

Digital Signatures

Signer Root Status
АО "ЦентрИнформ" УЦ 1 ИС ГУЦ Root Not Trusted

File Traits

  • .NET
  • HighEntropy
  • Installer Version
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\05.12.2017.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\05.12.2017.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_6848312 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\addressbook Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook\@30= 8a?> Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook\@30= 8a?> Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook\$!!.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook\$!!.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook\$545@0 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbook\$545@0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\5@<0= ab0@k9.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\5@<0= ab0@k9.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\20 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\20 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\@ Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\@ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\@30= 8a?> Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\@30= 8a?> Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\ >a0 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\ >a0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\!5@b8d8:0b $!  - 45: Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\!5@b8d8:0b $!  - 45: Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\#4>ab>25@oni89f5=b@ $!  .crt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\#4>ab>25@oni89f5=b@ $!  .crt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\$!  45: Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\$!  45: Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\$545@0 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\$545@0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1@30= 8a?> Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1@30= 8a?> Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& ab@e.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& ab@e.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #&  Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #&  Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& !$.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& !$.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& :b1.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& :b1.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 7=d..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 7=d..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& @2..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& @2..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& @4d.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& @4d.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& a:..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& a:..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 6.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 6.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& $ .cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& $ .cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& =7.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& =7.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 7d.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 7d.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& !?1.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& !?1.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& # Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& # Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& #$.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& #$.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 1! #& 1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& ab@e.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& ab@e.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #&  Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #&  Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& !$.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& !$.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& :b1.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& :b1.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 7=d.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 7=d.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& @2..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& @2..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& @4d.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& @4d.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& a:..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& a:..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 6.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 6.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 2a1.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 2a1.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& $.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& $.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& =7.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& =7.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 7d..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 7d..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& #.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& #.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& #d..cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& #d..cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1 & #& 2! #& 1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1$545@0 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\1$545@0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\2 & #& 1! #& 2a1.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\2 & #& 1! #& 2a1.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\2 & #& 1! #& 1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\2 & #& 1! #& 1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\3 & #& 1! #& ?f.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\3 & #& 1! #& ?f.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\3cf daa 2014.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\3cf daa 2014.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\3cf daa 25,06,2015.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\3cf daa 25,06,2015.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\4 & #& 2! #& ?f.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\4 & #& 2! #& ?f.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\a5@8d8:0b ac1j5:b0 ab0@k9.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\a5@8d8:0b ac1j5:b0 ab0@k9.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\daa e0ao=>2 31,08,2015.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\daa e0ao=>2 31,08,2015.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\e0ao=>2 04,06,2014.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\e0ao=>2 04,06,2014.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2011.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2011.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2012.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2012.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2013_qualified.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2013_qualified.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2015_qualified.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2015_qualified.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2016_qualified.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\f4_fss_rf_2016_qualified.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\guc_fss_rf_2015.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\addressbookremove\guc_fss_rf_2015.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< astrf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< astrf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< blgf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< blgf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< ef.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< ef.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< krdf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< krdf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< krvf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< krvf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< mskf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< mskf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< nf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< nf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< nvsf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< nvsf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< pf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< pf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< pkf .cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< pkf .cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< rznf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< rznf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< spb.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< spb.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< ufmf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< ufmf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< ulnf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\ &5=b@=d>@< ulnf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 1! #&.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 1! #&.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 1 ! #& (3).cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 1 ! #& (3).cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 1 ! #&(4).cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 1 ! #&(4).cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 2 ! #&(1).cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\#& 2 ! #&(1).cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\$!!1.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\$!!1.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\0ab@e 2015 cf 1 8a 3cf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\0ab@e 2015 cf 1 8a 3cf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2015 #& 1 ! #&(2).cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2015 #& 1 ! #&(2).cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017astrf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017astrf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017blgf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017blgf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017ef.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017ef.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017krdf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017krdf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017krvf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017krvf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017lpcf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017lpcf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017mskf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017mskf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017nf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017nf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017nvsf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017nvsf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017pf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017pf.cer Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017pkf.cer Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca\2017pkf.cer Synchronize,Write Attributes

820 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Pkuekttv\AppData\Local\Temp\RarSFX0\CertInstaller.exe