Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Patcher.C

Trojan.Patcher.C

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 462
Threat Level: 90 % (High)
Infected Computers: 94,882
First Seen: July 24, 2009
Last Seen: April 14, 2026
OS(es) Affected: Windows

Aliases

5 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Symantec Trojan.Kibik!inf
Panda W32/PatchLog.P
Microsoft Trojan:Win32/Patched.J
eTrust-Vet Win32/Eldycow.P
AntiVir HEUR/Malware

SpyHunter Detects & Remove Trojan.Patcher.C

File System Details

Trojan.Patcher.C may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. ntiMUI.exe 184153149155ba5fda1284b66c9e6f30 0

Analysis Report

General information

Family Name: Trojan.Patcher.C
Signature status: No Signature

Known Samples

MD5: 07dddaf543a58590143cb402eb782d4f
SHA1: b9e5c797dafdc4c2a18c5dd570d826ec526d9bb8
File Size: 212.48 KB, 212480 bytes
MD5: 549ea60394e29511bce76984faf39402
SHA1: 8107d9d52387f47e445498a4daba438b536756df
File Size: 161.28 KB, 161280 bytes
MD5: 0ce60ddf9b7db5433df1ddd0f816c203
SHA1: d4574349561413710f273c7e90b0ce763cfee93b
File Size: 861.18 KB, 861184 bytes
MD5: 3bcead036ca0bab5304a4b1080231e7d
SHA1: 212f5c1954b33bfcf66924bf05a0ef1d312618cd
File Size: 65.54 KB, 65536 bytes
MD5: 2b5b7b039952d7e4d9f2b0f62ec43470
SHA1: effc3e2ce306d27dc6da5380f1932b16d977b3dd
File Size: 74.24 KB, 74240 bytes
Show More
MD5: 8ee2620ef3622c0240aa11ef46517740
SHA1: fb6a7b00001f5195ca31490657a017c1394cd38b
File Size: 432.35 KB, 432347 bytes
MD5: 1266f9a6f03ef969566f4947ed7c4247
SHA1: 96e4dce8427f159008ed00b186405654eb0a1bff
File Size: 161.79 KB, 161792 bytes
MD5: 397c5a02f3befefc4b68db61084cf493
SHA1: 17f82fb016fb318a04e9c29b5260bc4f0a06179b
File Size: 161.28 KB, 161280 bytes
MD5: bf7428f3cba3d45e6e50c19faa37b248
SHA1: 796f2cd8731fcf208d3d2d8af5795df8d1cbca35
File Size: 20.48 KB, 20480 bytes
MD5: bbca11dfeb176f8beb5e2d7184ae491d
SHA1: cb99accb3baec7abff887fe5791811168694dda2
File Size: 9.95 MB, 9954080 bytes
MD5: 76f691b0e715d2a43656e8411046bb9f
SHA1: 30d237f874d4b1b964daada00463b8523b52fe6e
SHA256: 12ECABC48F5C319C1F81248B18875F78AD272D8CCA4CD13E21D6C58699A6958A
File Size: 1.48 MB, 1482752 bytes
MD5: 5a8bf1048f659294d534e59e24b43b7b
SHA1: 1ee1e552155639fc90f4e161fc37d22d435e6750
SHA256: 55CA880FE45EE2D6946DA62582EEA6FBAFEEA7C83B9183BD95AB8EB73C6952A8
File Size: 77.31 KB, 77312 bytes
MD5: 7eb2d61da0a25c5e429f34fb178ed87f
SHA1: 1c673ae4f52bc0c31c58cbe1cb2e13934ffb2ebd
SHA256: 55C20EA2BACA955A94635AFBDDE916559CF55AA49F95BEC623DD50871A8B0F07
File Size: 524.29 KB, 524288 bytes
MD5: 6ccd6546e74073388b08087b023a0126
SHA1: cbc41648717effa61cf4394bb391530cfba1fb40
SHA256: 7DA8D6B3697B3132D3C692C93AD178BC396FB6FF46E6A7423D701C38F2EB9BB2
File Size: 212.48 KB, 212480 bytes
MD5: c66ec416da3985809c1e34e015d2e7a2
SHA1: 4257e3f743d557a6854dbf3375d436d6b44874fe
SHA256: 9AD038A834360CFBBFB9F26EC3E07F42B4137352D03F011201DC5C00358AF1BC
File Size: 571.90 KB, 571904 bytes
MD5: 377243deac39f456cee5b1e697f7220a
SHA1: da725bd576eb8c0ea57f77a6e8f456f7e162229e
SHA256: A0D8FB2BDFDD4879CA9719563D25772D8BC662FA4519035E5DB751C59006F421
File Size: 67.58 KB, 67584 bytes
MD5: 6f6dbbdcc636cbcf1f6f17e3ec117bed
SHA1: 3f3ffb4af8a7b90d6e8ff0d0612b27b6bb3a9d27
SHA256: 08F6AEA212D32CE6387A8A10927B588FD2AFA96B0E69ADACEE3DE5EFA425EE32
File Size: 211.46 KB, 211456 bytes
MD5: a47e21db5b46cdaa04f2af931c649c21
SHA1: e2e48cd957578abac618a3239c3f4b452388653d
SHA256: 44F2BC40A3A37D969B5235B61041F217021859D84E41225E9ADAF545C7444CFC
File Size: 13.31 KB, 13312 bytes
MD5: 0f78d292f975618bd4b7723aaca36c85
SHA1: 2804d1c87cae953714bf29f0c8aef861afbc8add
SHA256: B791176F0DFFDF3AD020D661A6C0F7D3958075FD9057C2DEC94588DEE3BFD5E4
File Size: 515.58 KB, 515584 bytes
MD5: e8ebb4d228260488c1b5bc525f9f152a
SHA1: 43b14a317f6f5d9c88f4ae0c6a519e1b13b5e8f6
SHA256: 1C1D5F028E6759F8BBA750A94C963C3BF51BFDD2F6462CA496B54231E46B705F
File Size: 62.98 KB, 62976 bytes
MD5: cf8fd2b95c573b11935d7df691feed4e
SHA1: 5f28fa6aeb2c1991c4c7233dfc781df083782a72
SHA256: C444ACE8C022C2F607F8CD862BF9DCD49CBA5524226B2C8F3C2FF3BB83E7D6FE
File Size: 169.98 KB, 169984 bytes
MD5: add9f186e7f740b7f6d2796d4a4d39d0
SHA1: 2dd1596444ba5bc347de570e61b6ef125ad7fecb
SHA256: EF118F8543E6A7901E928A8722B4ABE71112FAA35D0C557B40991DB28191DEF2
File Size: 343.99 KB, 343991 bytes
MD5: e6e861f4d5ce002d795db1028fd601cb
SHA1: ee382deea3917fc2f17f1b0df5907ad176d01197
SHA256: 4740E2D727CC728AE08031228857047EDF192BB8953D4339D9BFE63616AB3230
File Size: 492.54 KB, 492544 bytes
MD5: 94fea3707816d1ceebdeb025a262d8ef
SHA1: d19ba3c6a36d7acf286102c9cc436236b49db8a5
SHA256: 538245B80D23A1399DBA980E115A7D0A99291D201724B6643FD0BB45099C6EC1
File Size: 155.30 KB, 155299 bytes
MD5: c4ca7bebd415741be2f311192cc8274e
SHA1: 34bf114b6416be81481a6a4a09614e6084c99788
SHA256: 5DF34C8CC4CC6ECAF4DABA2D233862390DD17BD1726FB9C05112A3C05927C939
File Size: 80.90 KB, 80896 bytes
MD5: d35920e9e42d4833e62868c5b8b518f0
SHA1: ea3edae37c44838cfa653839de477eb87d96d8d5
SHA256: ECC05AC1FA715231BE526C138DF4464187A8BDB5926303EE9B0FD2512449BE72
File Size: 344.03 KB, 344033 bytes
MD5: ba7e1ee37140c04343ad372826663256
SHA1: 7530a35cced4125ecfa447c49b440452f832a675
SHA256: F71009F3CEE351B5B4C2ED19ECD0C6EE8A79FD4D9E26C7AA52826EDE3675C052
File Size: 899.47 KB, 899466 bytes
MD5: 106d746a8d7c29204bc84a08527f26d3
SHA1: fa031f8537de35afced07b0cfd150174a7a1e331
SHA256: 89133EF8945346EAC934DB694486320E67C39A41E87BE165A0C3DD6B6F182A5A
File Size: 616.13 KB, 616129 bytes
MD5: 860615d7d4f976f27d5ac5525f723fa2
SHA1: 245af545ef77df646066f73ba68d498af6ff8be8
SHA256: C8D3987B7BE92A92B22237F8C6A9F7A5E382804DE38988601BF865E6165C263E
File Size: 75.26 KB, 75264 bytes
MD5: e7cd65ecbf5647bd57ad9018c9c05e3d
SHA1: 7fb60006981772e4349c465e2767499ab32bf994
SHA256: 6B454C70AC7FEEE39C65CAC3529217F32BBEE930B3ACC6BA1B61A04831DCC0E2
File Size: 210.94 KB, 210944 bytes
MD5: 7a6cd290c40fe2f8651076fad7b59af0
SHA1: d622425d70d19b2a61c4ee01562c61f57277b973
SHA256: E8CD008DC56888555136F8B26090124B5D3FF1D7EEC4BAD026F12F6E245F5D37
File Size: 355.33 KB, 355328 bytes
MD5: 40a9abbfefc766d2b825438b5e8c95d5
SHA1: 9f7f811e9281bb6be18eab2f3e188b22f114d67e
SHA256: 8B3DD92A05E5EB402A7EE077789D521646DC4AD73909CE497EE0A2246E1C6A56
File Size: 2.50 MB, 2497797 bytes
MD5: c6781720b331fa181b7ab81a726ec59f
SHA1: c279f94c76d32498c4182db614fc0ea4b15eb817
SHA256: 6577D776260E748F3451F099B94704DBC55AA75F10583E3E7B34592C0748AF02
File Size: 76.29 KB, 76288 bytes
MD5: 0aea96f88863bd46fd0f23693ab9c3e4
SHA1: 3aa3d4a6f1b43c4187917aa1f815c276311fcb1d
SHA256: A509E837714E7726C489BA4F3EDD8F6D9208C2A484032E4E634BBCBE21C30CB5
File Size: 468.99 KB, 468992 bytes
MD5: 4c91e40ca14c001dd8260b57837e0e98
SHA1: 7a5763861f5189085af53a70dbe5d638b35cb370
SHA256: D83D9DB56F86DA894DDA6ABBA348DA93BB7F13E91EC2060DD338DF38F63CD70D
File Size: 62.98 KB, 62976 bytes
MD5: f8f2a42b360dc4c938245184004313fe
SHA1: 3e6d92d2198cb9cd35cbbf5074d5f4e1c79adaa4
SHA256: FD1EA55F33AA684DBEB00993E2500A29C0EA118061C12A751E3D2898B04CC57E
File Size: 603.09 KB, 603093 bytes
MD5: 8368d3115fa6a2b2c6f3ed84da694c5e
SHA1: 24b8eea09577126de33efc4a21d9dca20c2921b1
SHA256: 02535010FAEE4BF242BA632E0F494EE497A8AD46BC9EFF6D23DCE05B490259AE
File Size: 73.22 KB, 73216 bytes
MD5: 245e9aa017d5ccaba8b6ea4f296796ab
SHA1: 64186f826c0b07e856410dedb344879a327835ed
SHA256: FBBAD10D6D632DF59AEC91B33BC83940A84D7C968A7A2D35FE1ADB476C8736A3
File Size: 325.63 KB, 325632 bytes
MD5: e32230c446df528797a1f5e91cf4b545
SHA1: ce65f04219ae2f7c5404fbbd66921487fac65116
SHA256: 94C8EDB19304F127B81A8153CEB0FDC7520EE90BB488F6E17714E4D6C3726934
File Size: 464.38 KB, 464384 bytes
MD5: 164f854e4f4233f23fd8fbe0c538c9a0
SHA1: 62312df2653327fe658d8583025aad190e0595c1
SHA256: 6CB22FB410DED13C0F4D7313B0A52B924428C8AE31139F3B21F4F561229F83AD
File Size: 404.98 KB, 404982 bytes
MD5: f4d6ad59ec42d7247dee9b96aede77ca
SHA1: 9bf0523f7e2736b642f5b41259d3cc957ae1a427
SHA256: 95561C06955DB653E2D9B28A28C9A746EDCA4590BEDE6BA8B3E19E84CC66A90C
File Size: 1.06 MB, 1062400 bytes
MD5: ef42a5d96e632b6999689911301b11bb
SHA1: a3123d9f0ad02b4957bf65e1e5723633aff470e5
SHA256: B6BF79B871776BE9B5AE4CC5C304ECFD14C09B1477305BC411303735C9609A36
File Size: 818.74 KB, 818742 bytes
MD5: 539a2542601327aea4dedffcc1519a02
SHA1: 7643a751fb4e046e018e68c0976fb05ddb8142d5
SHA256: 09A1712DAC25B088386D946246D7B4A929B21407377A41E4489EC6A883049968
File Size: 64.00 KB, 64000 bytes
MD5: 8ba5790a66bc2ea254b56e591bdb23ad
SHA1: c03bc8ddf738c87ddd43307ac8c400d261c2c68e
SHA256: 92589CC7685F8CE70F784F2A404E252D121268AF4CA8757DCD74A540A48376A8
File Size: 274.94 KB, 274944 bytes
MD5: a3e25e9cf1e334c297575c8d879edec0
SHA1: 89a2306b36e1d9e40aefc50f6f104592ad3cd983
SHA256: B600D0FA0DB5FB22D3C68B01C945ED3B1AE4D9024C09EFA7FB026605EFBE69AA
File Size: 546.30 KB, 546304 bytes
MD5: 3d424ebd33942a45686421fc76af5b51
SHA1: c7b809ee45d96c5aa0f67d33893f2cb3abc960b7
SHA256: 569ABD1F31656EAE2FAA4BA306D4222E7EB7264A46E91790BC761784FC94A8FE
File Size: 63.49 KB, 63488 bytes
MD5: c867423f4f2df1f323a0be72b92d5c0d
SHA1: 0d4c1fd72a32f6ae395083829e054779815b25d1
SHA256: 76290F68EC5F2377FE3ABF7BCD2ED02897C288B768FD24B233ADE02E40837112
File Size: 64.51 KB, 64512 bytes
MD5: 0885bf5c777e2d361c9d5bb071e658a5
SHA1: 9d8d4d99b8b893c3ef07dfddbc7b24a9b934d3cd
SHA256: 442AACB153447BA2C2CE39C4FB0DE1DD7CA74028B807A9475034BEF69367038D
File Size: 154.11 KB, 154112 bytes
MD5: 5c5c1df81331357813b298d0d67bc713
SHA1: 07c6d7565d77d89bfdbf35cacaafe9fa6c853e81
SHA256: D154652FBEF28C6CC5008E7DF7050B6D763D6776344FF0A3BC76CE9BE900FA2A
File Size: 3.02 MB, 3015424 bytes
MD5: f54f3d623cc75661633d33873d9f0b93
SHA1: 421d9d92dc63c61be717c847841d8a27b1f08a27
SHA256: 7F8D86DC7938674FAB4D56DBD01BE9EFC647303A127A17CCB7BD8BA2E6360DE2
File Size: 62.98 KB, 62976 bytes
MD5: 2961fc5b7d33833baba1e71fb159fba5
SHA1: e6f4302c6edd5889a19889c20c2bc2db36e2f352
SHA256: CE2DD6DE559D5D2BC464C9B1D23DFB8C03C603C4274EFB78ADC037C6A2AF360A
File Size: 733.70 KB, 733696 bytes
MD5: e414e7d87391b9627410f705054bca47
SHA1: 683de6a67edd7fcce11f36dbc927f3d824526e82
SHA256: 5B96EFC8A44F20EDC3193D0E715C03A138A804197CA8CB5AC128C9789D4F20F2
File Size: 2.19 MB, 2187435 bytes
MD5: f20860383f538104a2f3e94da113a91d
SHA1: f5a56aae84c635d2b02587673450ef896da3909d
SHA256: A3DCDE85B84256E3BFE5593EFCDBE29676022C27C14C4CC8DDA6BBB76BB8578B
File Size: 5.05 MB, 5049344 bytes
MD5: 9a73ff99ff6bfea74cbc7c493a106bd9
SHA1: 3a008c2e09b10e668553bd6914d83c7620d7a8b8
SHA256: 1315C330C65842A3A2D06C6AEB59E167B7D0C646E7193150A66E2477F87F40C1
File Size: 459.30 KB, 459300 bytes
MD5: 2f960a404ced5b0436c3ec15eb3cd9eb
SHA1: 25ac24fa960ff1e26abbc69649180e33e1aa3e7b
SHA256: 1340F629D6DAC97F16E221BF8B855AACE0769D11FD23503C2CA3EF94F94E9FED
File Size: 756.74 KB, 756736 bytes
MD5: b449d63a52c0863657396e55fdfea6a4
SHA1: 7e62043be710980c001e6833817e1579e8acac86
SHA256: 842AB5905FB5F006F0E46EE9C25A8A25A19EBA253994D9877E574E58AE8081F5
File Size: 2.25 MB, 2248192 bytes
MD5: 05b261fcaf49c8ad702413ea4191bd2e
SHA1: 34e02f5a8cc2e1da4b94a2cb37c7648a9fdd8ff6
SHA256: 150B79F05612549BB3ECA868A3CB375211AA454A4478DA0D2C87FB4B54FE8E42
File Size: 146.43 KB, 146432 bytes
MD5: c549f6356ffcf80fa0e7c0301771992d
SHA1: 7a977c0bc58761e4c5f91a378d9c06e549d775b5
SHA256: D1FD7F447D5622512E65B89B17E1D408D02475E86927530826994B94104C82DB
File Size: 56.32 KB, 56320 bytes
MD5: 54dcae6c0a6c55369994207e8364b6e3
SHA1: 2f1b6b1b9c7f61e459cf7a49131241084048579b
SHA256: E2A0514D7E05580F28FA57EC0EF5F6A02A8D6EDBBF111ADD2A15F1AE4D5B50B1
File Size: 115.45 KB, 115449 bytes
MD5: c01777bfffb639d68e518469c205ff39
SHA1: 446b08b67968c9c920e2f0585caaa43b75656e21
SHA256: 88A99CBD0E3751004F537BDD471740EEFCB910D1DD1C5CD8C226BF090BE9EA10
File Size: 218.62 KB, 218624 bytes
MD5: 0190d75fe23f0d467cdb8dbe6faca99d
SHA1: e81fc84a23c98815e4af7b1627e7db99bed90eed
SHA256: 8A67264C44AE1BFBEB9637AC11D45346CF7028B551AFED74B53A4195F4CF0D14
File Size: 212.48 KB, 212480 bytes
MD5: f4d5112628d7192236bf62d3528b8ad0
SHA1: 3c8a9c70d7d01eefbeba0dd5f076ba3612ae0b9a
SHA256: 4DD50ECE4ACE98050A3CE7D9A1601D29ECF81330BBFA43FE50DE6394B72C7AE5
File Size: 56.83 KB, 56832 bytes
MD5: d3a693fbd3f2b9130e923f9e0396dfdc
SHA1: 0f13ace38ba609bd9526f79e84243ba22ddcf7f2
SHA256: D69EA09D2CE10650015C846788202D92DDE5F034BBC74BD9944613A469E28A8F
File Size: 161.28 KB, 161280 bytes
MD5: 82e6884fed3698af5d6275205d29599e
SHA1: 2a3ab8fe78c45dc89ed94cdde136fcf319f73e05
SHA256: 7B5B4A6C363FE43A86CF02B52400945C218E16795109BA7DF7929499B0A094FC
File Size: 4.79 MB, 4785449 bytes
MD5: dabc0bdcb1eda904053cc762abe2af26
SHA1: 54209323ad05bbcdcd55c5348d2dcc49e22e1c57
SHA256: EEAFE9F1FD65DA875951A297073A007E3DC3BFC78F3382DED52893C51C458A22
File Size: 263.17 KB, 263168 bytes
MD5: b64ae181953aafc8356c75280ba7193b
SHA1: 2407a8420008ab8fae081661b82a6890adac5d75
SHA256: F45F474CFF0041A2EC37CB7AC74C1914D086DE4F30F30E65E8CB9B1F31362878
File Size: 578.05 KB, 578048 bytes
MD5: 2819274dea7448e4a35edbc0a6109033
SHA1: 855ceb20b4ce9f03046a203f8dd5a37991050dfa
SHA256: 7D8F6C0797E7C890E8064A7B91E6F79FB6FB2ED61886AE854BC7EDA7CFB23909
File Size: 1.20 MB, 1195008 bytes
MD5: 23fb6022ec70875d892b10f6c0abee67
SHA1: fc5d2dcdfd700900ba3f38576f7ecfd240e78831
SHA256: D7801A6D81593D8FDAF3EA00FEE6C73127716729B662A6413CCFBEA938034079
File Size: 866.30 KB, 866304 bytes
MD5: 0524787b66ba04f456d6760d234bd24e
SHA1: ac63cc366e5102d298d11ba73a6e1c519a15d48e
SHA256: 4CA1B034C968C5771CF7D58A9EA9D96E01E94A6C134050A434485BB12F41DC3F
File Size: 62.98 KB, 62976 bytes
MD5: 164afe2fc4f7758f71f3049a5415d698
SHA1: 48dd6fa3516efd94d3ac7a6edb3cbb62b2c72650
SHA256: 7B24D98A4F11B79D94AC5A885C8348E896120CF902094AE3802EC0C57D9DE53A
File Size: 69.12 KB, 69120 bytes
MD5: d6e8008cdeca720fd80e4b5ddb6cc6fc
SHA1: 91c3094bf8d557e31af93afbf8c8bfaf8ee1c5b0
SHA256: D2652276A8D7D5202A14B96CBC327557B69E2BDBC652751A163535805402678E
File Size: 120.32 KB, 120320 bytes
MD5: 06b8f165193cd62449eeea0932c0ab09
SHA1: 36ca6a66e8ce63c9986a8e8588f41f16763c1f49
SHA256: C8F81E1ABC92508F297BD2C6D91D47A21FA1E38769C0C757E5F50BBF3E6458E8
File Size: 946.18 KB, 946180 bytes
MD5: 0577954bee331bebda951cb70361abd7
SHA1: deadbe633fb2f8f4dbb7bd07840ceaba5a5a0d5c
SHA256: D486B67CDE16981E7962EA5EE12C42A418CB23C29911C515C85A6DF7340F9FD5
File Size: 1.40 MB, 1397760 bytes
MD5: 921bdf72d3fe36d0b5baedb426977e87
SHA1: 0611f088a0f7386a1c0aa969153d039092df0630
SHA256: 554C7F67A765199D6320BA07F6C420C851592237123ECF437E6086887926AA22
File Size: 2.12 MB, 2124288 bytes
MD5: 5df2b4a3cb2fcf3cc40d3fa6a4c68f5e
SHA1: 71d4e48ea85d1a9c1c78c8713309afcb76fa6eae
SHA256: 48F5C477A9EA011102D5965B630ED7475A91B15CF288DB794F5E6BA5013B715C
File Size: 180.74 KB, 180736 bytes
MD5: 5111ff0f448f1d2a866e0c29ba4c76ef
SHA1: 88852507749508b686800c6b5ec6b83c580b2213
SHA256: B48C24AC602E4ADBBA8533BBBCE356320142202DCBA05F6D5153E6FBDE6E9C17
File Size: 81.92 KB, 81920 bytes
MD5: bdf1608aaf019214fa1f23a001baa518
SHA1: 13c1a05461284291dda93f34885bc9a2be187a70
SHA256: D0D72A0588628304156E888F1952966DEA33A7750D6FC9501F2900528628FBBE
File Size: 1.40 MB, 1401856 bytes
MD5: 484ff898e649c35480a1f1df5519ad1c
SHA1: 1cfc4b5f868314258eacf8ac0406342e0c79d31e
SHA256: B8CC345F8EF8B73A6674E7A1824D1A35DE80D41F97E0B69F2ED9F55B556B9F33
File Size: 504.32 KB, 504320 bytes
MD5: 99655c2558cce5f9d0b2404a2793a88a
SHA1: 2c2f0568ce265720338ba8fb9a476f2ab3718e02
SHA256: 96B3D1BA2CF98269FC68E213D404BAB39A13764DEB61F921D9FE742F00DC70FE
File Size: 278.53 KB, 278528 bytes
MD5: acaff487f6a3af8b3f5514a3ac607fe1
SHA1: 2ede4306433855736b47aaf26044013dcf6eea49
SHA256: A4F11EA35BC66D05EF3FEF87D925FF9EFA0D8CB29214A3F478688CE86DF2CB93
File Size: 362.35 KB, 362354 bytes
MD5: 5902553890c75e38ca51633a2909393b
SHA1: 5e2f60d8aa48b8f53df4b4bb0e60c9e391a7c684
SHA256: 42B0B34E2B7E338E53FF684F9226AE91CE30C531DF7D843B9113B0FA25FE3829
File Size: 707.58 KB, 707584 bytes
MD5: 4423142ddd7358bcc2fda8fcd985fbeb
SHA1: 24f38bc8b3fd2fc3244d9771ba151a30efdfd8ad
SHA256: E4FB915B1A6C5EC33EE1105E80DD533F329EAFDA19871F8C977F590282919CF2
File Size: 978.43 KB, 978432 bytes
MD5: 760552430fe8e0782ea784ef404c3e2b
SHA1: 7866be1b8cc649d713fcb9bed2ce84505d9dbbcc
SHA256: 6D4553BAC755D823490C03F972423F5FEC222CEF8705B3477413556881A2BA11
File Size: 62.98 KB, 62976 bytes
MD5: 0187357d1e458de1af9a0214a485eeda
SHA1: 8c20d92db9cf6bbb3d8da4eac83a10b58c3d5ede
SHA256: A822332D7A63CBD58234E8727D0544B8EC33E02AD7F48EAFB4DAD72A62103F16
File Size: 332.80 KB, 332800 bytes
MD5: 0c4616a3c4da2d3700cda86103908e59
SHA1: 4b058ffb050237cbbee5b4dc1e2dabbe6e096da4
SHA256: 47B9853A839A983BAB054768F20E3342DDAB979652D4C40B5EF831F751A3DE79
File Size: 200.19 KB, 200192 bytes
MD5: aeec99b31bf3c21ac08400a0d83f2935
SHA1: 9c66e3269e907347935337941ebbd596f875036a
SHA256: 7CB5E0E5F7022CC33AC8537528A4BD6B0387C0B8774BAC879AAD74FC631EF203
File Size: 662.53 KB, 662528 bytes
MD5: acd2d6fd27b9131e302c081999e42224
SHA1: 760c57e42f3bbe2bb761d8c860aeccf973321c20
SHA256: E79CF8546D49590403726C364BA66FFACB12929BF489378600F73CB204456C82
File Size: 62.98 KB, 62976 bytes
MD5: 95a6ebb86a091c68b9c398819aa1f99d
SHA1: 0dbd32aefbca3d27c2eca029276ddeb380a4707c
SHA256: 20EE411305FE8CF51794A0EB51A89974606F77576F81E3C34B52779F85A5C1D2
File Size: 484.26 KB, 484259 bytes
MD5: bf461f800bb48ba2fc46303df9fd9dcb
SHA1: b3af977fe1295c6e9923e718e9095ae721fa14ba
SHA256: 43261CAA9DDC05D04ACC007916F4CAE3A737AB443B818810E69629B26DE913A1
File Size: 1.43 MB, 1432064 bytes
MD5: c920f1dbac773bf11b2d056859e08a43
SHA1: 90ab98322ed9c95d12226321e0ecc1f573ed28f0
SHA256: B828FA899C82F06CD3F579BBEC41A107DB2B609677F44E25DF8E41E8BC99F109
File Size: 571.90 KB, 571904 bytes
MD5: a36aa5c0dfc5b448655630a3efa04171
SHA1: 18ae763e1f6bd7eea71896946fdc1b82d96ddbd1
SHA256: 03F32570508526C1651177D7CAE4AC5B9509162E7D8803F65FECCE3BFECDD2A5
File Size: 343.86 KB, 343862 bytes
MD5: 5e725bfd01c468ef5549087ad599620c
SHA1: a3500b6746b9c64ae7d35b985bf377fe8e6773ae
SHA256: 5C41D9F3CC62FA9B4CCA93ADE480EB6F862C12F2CF904D115C61B005F50D379A
File Size: 8.70 KB, 8704 bytes
MD5: 6af65f3daaa8464076a453719c98736a
SHA1: ba63f97b4fae3cbb3aaab564a06fcd6097fa4594
SHA256: 7C152211799E707B394247B2C578E5B8FE2CD6AB5BFE9C2314C920251E2925D6
File Size: 732.67 KB, 732672 bytes
MD5: 5173e1cdcd5db4aaf28a21c41ddcd064
SHA1: c1663aee1dfd033c92df170890ef3ed9a4b87515
SHA256: 66CB372AC45A707161EB29136DEF41B37638F3C6258968ADFB23D5F7F680A6CB
File Size: 97.79 KB, 97792 bytes
MD5: 23532ca83eb9caff7c61fdf5e17d518c
SHA1: a88d5c5af84280cefa959e90483f7b18bc1ea2a0
SHA256: 195EFBCFDBB3DF6DCE2A0B23DF4F976F35BA3EA3508E737E1E760BC587F6550F
File Size: 70.66 KB, 70656 bytes
MD5: 54ce6f8ad9a815ed40e2311656190565
SHA1: 700548da80ec12e33a7777d79a98a6b9775cbcc9
SHA256: 9A178B99B750686A939819CFE4C9A7B9A47167DBD2F8CF6CEFEFE7BEBB1BE8C6
File Size: 201.22 KB, 201216 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

169 additional icons are not displayed above.

Windows PE Version Information

Name Value
Assembly Version 1.3.3.7
Comments
  • Always the latest version
  • This installation was built with Inno Setup.
  • www.Dr-FarFar.com
Company Name
  • Dr.FarFar | www.Dr-FarFar.com
  • Microsoft
  • Soft Sara, Inc.
  • The MASM32 SDK
Compiled Script AutoIt v3 Script: 3, 3, 8, 1
Email inFo@Dr-FarFar.CoM
File Description
  • Adobe Acrobat Pro
  • Code generating Tool
  • Remote Desktop Manager Activation Tool (ViP)
  • Setup/Uninstall
  • softsara.ir
File Version
  • 51.1052.0.0
  • 3, 3, 8, 1
  • 2.0.0.0
  • 1.3.3.7
  • 1.00
  • 1.0
Internal Name
  • maketbl
  • Remote Desktop Manager Activation Tool.exe
  • TJprojMain
  • Win
Legal Copyright
  • Copyright © Dr.FarFar
  • Ghost
  • © 2011 The MASM32 SDK
Legal Trademarks www.Dr-FarFar.com
Original Filename
  • maketbl.exe
  • Remote Desktop Manager Activation Tool.exe
  • TJprojMain.exe
  • Win.exe
Product Name
  • maketbl
  • Project1
  • Remote Desktop Manager Activation Tool (ViP)
  • Soft Sara Patcher
  • Win
Product Version
  • 3.3.16.1
  • 1.3.3.7
  • 1.00
  • 1.0

File Traits

  • .UPX
  • 2+ executable sections
  • big overlay
  • HighEntropy
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • No Version Info
  • packed
  • PEC2
Show More
  • PECompact v2.20
  • upx
  • UPX!
  • virut
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 4
Potentially Malicious Blocks: 3
Whitelisted Blocks: 1
Unknown Blocks: 0

Visual Map

x x x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.EDA
  • Agent.KLB
  • Autoit
  • Dacic.O
  • Glupteba.P
Show More
  • IEHelper.B
  • Lamer.CF
  • Patcher.A
  • Patcher.B
  • Patcher.C
  • Patcher.CA
  • Protux.D
  • Ramnit.V
  • Stealer.BBA
  • Trojan.Downloader.Gen.M
  • Upatre.VC
  • VtFlooder.R
  • Wapomi.F

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\program files (x86)\alcohol soft Synchronize,Write Attributes
c:\program files (x86)\alcohol soft\alcohol 120 Synchronize,Write Attributes
c:\program files (x86)\alcohol soft\alcohol 120\__tmp_rar_sfx_access_check_2926687 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\alcohol soft\alcohol 120\alcohol.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\alcohol soft\alcohol 120\alcohol.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1911cdb02fcf13435872cfdd7434e2b1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\64f4ea4c8142cac73e06647d59a699d1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7ceb9b2a0e395bd64e74381485a106af.dll Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\9ce5948f6f706809ad1df3709868df94.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4eb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta8dd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autad05.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autb9f2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bassmod.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\berlin sans fb.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bus led display small.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c5e3399ed9a072fe864748d49ba96094.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\commodore 64.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dup2patcher.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gfgjqm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\gfgjqm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ghost\banner.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\ghost\banner.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-93m0a.tmp\fb6a7b00001f5195ca31490657a017c1394cd38b_0000432347.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mjxixj.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\mjxixj.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\motorway.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uxcclm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\uxcclm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\visitor -brk-.fon Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zbsrnv.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\zbsrnv.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df262d6e2b4a15d8b6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~tmbcae.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\cmgr.exe Generic Write,Read Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\bassmod.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\winrar sfx::c%%program files (x86)%alcohol soft%alcohol 120% C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\54209323ad05bbcdcd55c5348d2dcc49e22e1c57_0000263168 c:\users\user\downloads\54209323ad05bbcdcd55c5348d2dcc49e22e1c57_0000263168:*:enabled:@shell32.dll,-1 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 º RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://www.andbookz.com/br.gifhttp://acbilgisayar.com.tr/br.g RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 奆 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\apcr::u1_1 ꦭ㞫 RegNtPreCreateKey
HKCU\software\apcr::u2_1 槙牥 RegNtPreCreateKey
HKCU\software\apcr::u3_1 ᥜ獦 RegNtPreCreateKey
HKCU\software\apcr::u4_1 獵牥 RegNtPreCreateKey
HKCU\software\apcr::u1_2 舺ᓐ RegNtPreCreateKey
HKCU\software\apcr::u2_2 ﴃ RegNtPreCreateKey
HKCU\software\apcr::u3_2 賃 RegNtPreCreateKey
HKCU\software\apcr::u4_2  RegNtPreCreateKey
HKCU\software\apcr::u1_3 钅臧 RegNtPreCreateKey
HKCU\software\apcr::u2_3 䝔地 RegNtPreCreateKey
HKCU\software\apcr::u3_3 ぶ嘳 RegNtPreCreateKey
HKCU\software\apcr::u4_3 婟地 RegNtPreCreateKey
HKCU\software\apcr::u1_4 ꧲썱 RegNtPreCreateKey
HKCU\software\apcr::u2_4 RegNtPreCreateKey
HKCU\software\apcr::u3_4 ꟽ좖 RegNtPreCreateKey
HKCU\software\apcr::u4_4 췔즕 RegNtPreCreateKey
HKCU\software\apcr::u1_5 鍷媬 RegNtPreCreateKey
HKCU\software\apcr::u2_5 婛㯻 RegNtPreCreateKey
HKCU\software\apcr::u3_5 ⭠㫸 RegNtPreCreateKey
HKCU\software\apcr::u4_5 䅉㯻 RegNtPreCreateKey
HKCU\software\apcr::u1_6 蛋ᙏ RegNtPreCreateKey
HKCU\software\apcr::u2_6 괫깠 RegNtPreCreateKey
HKCU\software\apcr::u3_6 RegNtPreCreateKey
HKCU\software\apcr::u4_6 뒾깠 RegNtPreCreateKey
HKCU\software\apcr::u1_7 RegNtPreCreateKey
HKCU\software\apcr::u2_7 㕚⃆ RegNtPreCreateKey
HKCU\software\apcr::u3_7 䈚⇅ RegNtPreCreateKey
HKCU\software\apcr::u4_7 ⠳⃆ RegNtPreCreateKey
HKCU\software\apcr::u1_8 RegNtPreCreateKey
HKCU\software\apcr::u2_8 赱錫 RegNtPreCreateKey
HKCU\software\apcr::u3_8 鈨 RegNtPreCreateKey
HKCU\software\apcr::u4_8 鮨錫 RegNtPreCreateKey
HKCU\software\apcr::u1_9 Ɐ RegNtPreCreateKey
HKCU\software\apcr::u2_9 ᦓ֑ RegNtPreCreateKey
HKCU\software\apcr::u3_9 攴Ғ RegNtPreCreateKey
HKCU\software\apcr::u4_9 ༝֑ RegNtPreCreateKey
HKCU\software\apcr::u1_10 㯽뙽 RegNtPreCreateKey
HKCU\software\apcr::u2_10 鑮矶 RegNtPreCreateKey
HKCU\software\apcr::u3_10 盵 RegNtPreCreateKey
HKCU\software\apcr::u4_10 芒矶 RegNtPreCreateKey
HKCU\software\apcr::u1_11 ൢ츝 RegNtPreCreateKey
HKCU\software\apcr::u2_11  RegNtPreCreateKey
HKCU\software\apcr::u3_11 鰮 RegNtPreCreateKey
HKCU\software\apcr::u4_11  RegNtPreCreateKey
HKCU\software\apcr::u1_12 뚼냟 RegNtPreCreateKey
HKCU\software\apcr::u2_12 缋峁 RegNtPreCreateKey
HKCU\software\apcr::u3_12 ͕巂 RegNtPreCreateKey
HKCU\software\apcr::u4_12 楼峁 RegNtPreCreateKey
HKCU\software\apcr::u1_13 テ䕲 RegNtPreCreateKey
HKCU\software\apcr::u2_13 솾켦 RegNtPreCreateKey
HKCU\software\apcr::u3_13 뛘츥 RegNtPreCreateKey
HKCU\software\apcr::u4_13 RegNtPreCreateKey
HKCU\software\apcr::u1_14 㛑瀴 RegNtPreCreateKey
HKCU\software\apcr::u2_14 䳘䆌 RegNtPreCreateKey
HKCU\software\apcr::u3_14 㩏䂏 RegNtPreCreateKey
HKCU\software\apcr::u4_14 偦䆌 RegNtPreCreateKey
HKCU\software\apcr::u1_15 RegNtPreCreateKey
HKCU\software\apcr::u2_15 RegNtPreCreateKey
HKCU\software\apcr::u3_15 ꧲닲 RegNtPreCreateKey
HKCU\software\apcr::u4_15 쏛돱 RegNtPreCreateKey
HKCU\software\apcr::u1_16 쿲ꘉ RegNtPreCreateKey
HKCU\software\apcr::u2_16 ៍♗ RegNtPreCreateKey
HKCU\software\apcr::u3_16 嵹❔ RegNtPreCreateKey
HKCU\software\apcr::u4_16 㝐♗ RegNtPreCreateKey
HKCU\software\apcr::u1_17 뼌 RegNtPreCreateKey
HKCU\software\apcr::u2_17 똢颼 RegNtPreCreateKey
HKCU\software\apcr::u3_17 샬馿 RegNtPreCreateKey
HKCU\software\apcr::u4_17 ꫅颼 RegNtPreCreateKey
HKCU\software\apcr::u1_18 穀ㅳ RegNtPreCreateKey
HKCU\software\apcr::u2_18 ޡଢ RegNtPreCreateKey
HKCU\software\apcr::u3_18 琓ਡ RegNtPreCreateKey
HKCU\software\apcr::u4_18 Ḻଢ RegNtPreCreateKey
HKCU\software\apcr::u1_19 䳢즆 RegNtPreCreateKey
HKCU\software\apcr::u2_19 델綇 RegNtPreCreateKey
HKCU\software\apcr::u3_19 ﮆ粄 RegNtPreCreateKey
HKCU\software\apcr::u4_19 醯綇 RegNtPreCreateKey
HKCU\software\apcr::u1_20 RegNtPreCreateKey
HKCU\software\apcr::u2_20 ᣳ RegNtPreCreateKey
HKCU\software\apcr::u3_20 漍 RegNtPreCreateKey
HKCU\software\apcr::u4_20 Ԥ RegNtPreCreateKey
HKCU\software\apcr::u1_21 潟ᢁ RegNtPreCreateKey
HKCU\software\apcr::u2_21 嵓扒 RegNtPreCreateKey
HKCU\software\apcr::u3_21 ኰ捑 RegNtPreCreateKey
HKCU\software\apcr::u4_21 碙扒 RegNtPreCreateKey
HKCU\software\apcr::u1_22 RegNtPreCreateKey
HKCU\software\apcr::u2_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u3_22 蘧햴 RegNtPreCreateKey
HKCU\software\apcr::u4_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u1_23 ㇸ兘 RegNtPreCreateKey
HKCU\software\apcr::u2_23 䀟䜝 RegNtPreCreateKey
HKCU\software\apcr::u3_23 㖪䘞 RegNtPreCreateKey
HKCU\software\apcr::u4_23 徃䜝 RegNtPreCreateKey
HKCU\software\apcr::u1_24 핌 RegNtPreCreateKey
HKCU\software\apcr::u2_24 칞릂 RegNtPreCreateKey
HKCU\software\apcr::u3_24 룑뢁 RegNtPreCreateKey
HKCU\software\apcr::u4_24 틸릂 RegNtPreCreateKey
HKCU\software\apcr::u1_25 笜恹 RegNtPreCreateKey
HKCU\software\apcr::u2_25 墻⯨ RegNtPreCreateKey
HKCU\software\apcr::u3_25 ⱄ⫫ RegNtPreCreateKey
HKCU\software\apcr::u4_25 䙭⯨ RegNtPreCreateKey
HKCU\software\apcr::u1_26 捖㌙ RegNtPreCreateKey
HKCU\software\apcr::u2_26 ꇅ鹍 RegNtPreCreateKey
HKCU\software\apcr::u3_26 폋齎 RegNtPreCreateKey
HKCU\software\apcr::u4_26 맢鹍 RegNtPreCreateKey
HKCU\software\apcr::u1_27 剬盧 RegNtPreCreateKey
HKCU\software\apcr::u2_27 ㌇Ⴓ RegNtPreCreateKey
HKCU\software\apcr::u3_27 䝾ᆰ RegNtPreCreateKey
HKCU\software\apcr::u4_27 ⵗႳ RegNtPreCreateKey
HKCU\software\apcr::u1_28 䰅 RegNtPreCreateKey
HKCU\software\apcr::u2_28 먧茘 RegNtPreCreateKey
HKCU\software\apcr::u3_28 쫥舛 RegNtPreCreateKey
HKCU\software\apcr::u4_28 ꃌ茘 RegNtPreCreateKey
HKCU\software\apcr::u1_29 阩懴 RegNtPreCreateKey
HKCU\software\apcr::u2_29 ଔ RegNtPreCreateKey
HKCU\software\apcr::u3_29 繨 RegNtPreCreateKey
HKCU\software\apcr::u4_29 ᑁ RegNtPreCreateKey
HKCU\software\apcr::u1_30 ᦇ  RegNtPreCreateKey
HKCU\software\apcr::u2_30 饠柣 RegNtPreCreateKey
HKCU\software\apcr::u3_30 曠 RegNtPreCreateKey
HKCU\software\apcr::u4_30 螶柣 RegNtPreCreateKey
HKCU\software\apcr::u1_31 ⏢᮷ RegNtPreCreateKey
HKCU\software\apcr::u2_31 RegNtPreCreateKey
HKCU\software\apcr::u3_31 RegNtPreCreateKey
HKCU\software\apcr::u4_31 RegNtPreCreateKey
HKCU\software\apcr::u1_32 盒㘰 RegNtPreCreateKey
HKCU\software\apcr::u2_32 眺䲮 RegNtPreCreateKey
HKCU\software\apcr::u3_32 ҉䶭 RegNtPreCreateKey
HKCU\software\apcr::u4_32 溠䲮 RegNtPreCreateKey
HKCU\software\apcr::u1_33 ნ㎃ RegNtPreCreateKey
HKCU\software\apcr::u2_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u3_33 蠼븐 RegNtPreCreateKey
HKCU\software\apcr::u4_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u1_34 ቑ狵 RegNtPreCreateKey
HKCU\software\apcr::u2_34 侕ㅹ RegNtPreCreateKey
HKCU\software\apcr::u3_34 㾣ぺ RegNtPreCreateKey
HKCU\software\apcr::u4_34 喊ㅹ RegNtPreCreateKey
HKCU\software\apcr::u1_35 㑝㫖 RegNtPreCreateKey
HKCU\software\apcr::u2_35 ꏞ RegNtPreCreateKey
HKCU\software\apcr::u3_35 ꋖꋝ RegNtPreCreateKey
HKCU\software\apcr::u4_35 죿ꏞ RegNtPreCreateKey
HKCU\software\apcr::u1_36 ᴆⷁ RegNtPreCreateKey
HKCU\software\apcr::u2_36 ▩ᙄ RegNtPreCreateKey
HKCU\software\apcr::u3_36 噝ᝇ RegNtPreCreateKey
HKCU\software\apcr::u4_36 㱴ᙄ RegNtPreCreateKey
HKCU\software\apcr::u1_37 拕㯁 RegNtPreCreateKey
HKCU\software\apcr::u2_37 艨袩 RegNtPreCreateKey
HKCU\software\apcr::u3_37 엀親 RegNtPreCreateKey
HKCU\software\apcr::u4_37 꿩袩 RegNtPreCreateKey
HKCU\software\apcr::u1_38 韱౐ RegNtPreCreateKey
HKCU\software\apcr::u2_38 㡲﬏ RegNtPreCreateKey
HKCU\software\apcr::u3_38 䥷兀 RegNtPreCreateKey
HKCU\software\apcr::u4_38 ⍞﬏ RegNtPreCreateKey
HKCU\software\apcr::u1_39 ⴉ RegNtPreCreateKey
HKCU\software\apcr::u2_39 蠅浴 RegNtPreCreateKey
HKCU\software\apcr::u3_39 ﳺ汷 RegNtPreCreateKey
HKCU\software\apcr::u4_39 雓浴 RegNtPreCreateKey
HKCU\software\apcr::u1_40 ꝉ㺘 RegNtPreCreateKey
HKCU\software\apcr::u2_40 RegNtPreCreateKey
HKCU\software\apcr::u3_40 RegNtPreCreateKey
HKCU\software\apcr::u4_40 RegNtPreCreateKey
HKCU\software\apcr::u1_41 䠌 RegNtPreCreateKey
HKCU\software\apcr::u2_41 妣刿 RegNtPreCreateKey
HKCU\software\apcr::u3_41 ប匼 RegNtPreCreateKey
HKCU\software\apcr::u4_41 綽刿 RegNtPreCreateKey

92 additional registry modifications are not displayed above.

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Network Winsock2
  • WSAStartup
Network Winsock
  • gethostbyname
  • inet_addr
  • socket
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
Show More
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
Network Winhttp
  • WinHttpOpen

Shell Command Execution

"C:\Users\Gehiyvgt\AppData\Local\Temp\is-93M0A.tmp\fb6a7b00001f5195ca31490657a017c1394cd38b_0000432347.tmp" /SL5="$2027C,154517,77824,c:\users\user\downloads\fb6a7b00001f5195ca31490657a017c1394cd38b_0000432347.exe"
C:\Users\Mbgamrhp\AppData\Local\Temp/MJXIXJ.exe
C:\Users\Mbgamrhp\AppData\Local\Temp/ZBSRNV.exe
C:\Users\Tspqbvap\AppData\Local\Temp/UXCCLM.exe
C:\Users\Tspqbvap\AppData\Local\Temp/GFGJQM.exe
Show More
cmgr.exe

Trending

Most Viewed

Loading...