Trojan.Redosdru.B
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 2,904 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 932 |
| First Seen: | August 9, 2012 |
| Last Seen: | February 5, 2026 |
| OS(es) Affected: | Windows |
Aliases
15 security vendors flagged this file as malicious.
| Antivirus Vendor | Detection |
|---|---|
| Panda | Suspicious file |
| Fortinet | W32/Agent.HPEQ!tr |
| Ikarus | Trojan.Win32.Agent |
| AhnLab-V3 | Trojan/Win32.Agent |
| BitDefender | Gen:Variant.Refpron.1 |
| Kaspersky | Trojan.Win32.Agent.rtro |
| Avast | Win32:Malware-gen |
| McAfee | Generic BackDoor.ut |
| Panda | Bck/Hupigon.LNP |
| AVG | BackDoor.Generic13.ANAK |
| Fortinet | W32/ZZSlash.DOB!tr.bdr |
| Ikarus | Backdoor.Win32.ZZSlash |
| AhnLab-V3 | Win-Trojan/Agent.680140 |
| Microsoft | Trojan:Win32/Redosdru.B |
| Antiy-AVL | Trojan/Win32.Agent.gen |
File System Details
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1. | NEUSBw32.dll | 8f09cb4b04388070ab93787ff8678555 | 41 |
| 2. | set.exe | fd78453f225862c5b9199af0a8de7e81 | 1 |
Detections: the number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Analysis Report
General information
| Family Name: | Trojan.Redosdru.B |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| e4eb0b8042a914cf609c266ed1f5cb33 | e481b94d1087466f69c66154715d3d9b933f180d | | 9.84 MB, 9839386 bytes |
| ba0192ca542fc09a3056b77cb37574cf | 2595d45a614d0244fef517cba21094947d12f846 | | 6.28 MB, 6281669 bytes |
| d7917bc607c5d780cefb6069eb23c394 | b412fd6ab8a600677eb502fbcfd633060ef4e4d4 | C3D3E8215F25D5CF8074BDC6BA4A44C1EB4F7F64FA85653B9680DF70198E1C6E | 4.65 MB, 4653056 bytes |
| 500d8f755ec5553ebfe4df835796156a | 46521f08e3942d57ede866ff67dfa275b06b1f3e | 774FA47A4506324BDCCB360689EC754E18E6334A28D493940763790C42BE76FB | 5.00 MB, 5001216 bytes |
| 00e43aa6cc7835243d6049777b8ed8b4 | 864cc118f036a400ea5ef18870ab8852de4bf40d | F38A98979E173E07D7DE4FA5A0F409516601544E57252A71169E49911941708B | 9.69 MB, 9689374 bytes |
| 2f0527bee087100d9c4f0a6fea17f5cd | a5a8003827646840c1b18e5e8669b9b833cf5715 | EB8AEE5DD4E98D17C7AE9B391C738F52ECD8B96881F6B3814640552A4DACF259 | 606.21 KB, 606208 bytes |
| e9996922a1286e9522aeb8cac1f7ed84 | a56f59736629fbbcaa637a887063ac1de10b7a13 | F947752DA426984B89CB2B818F99DF041AA66C42117358D451B6E829ADC3B809 | 9.96 MB, 9957842 bytes |
| ce160e907cecd43b6b774ff150283f04 | 74338ec056d27677a60eb348025b6f779563dcae | A5DB123AC969880574EBFB0F1549D33A6A406697B0222322C0DC76384B768F1F | 5.00 MB, 5001216 bytes |
| 3246266f7f16a5570c5716615d8f8886 | 537b3d20b0b1111ff27e35f9e65473b9483bfa05 | C3330499A5EFC1946B200E174EA7B912BCADDAF1B2FE6BAF8304E489A0ACF88A | 5.64 MB, 5635431 bytes |
| ad4e8461fca191a48c5687b7c002e8b9 | 303ba81d206bcf42af50aebd6cb5e2f07565da99 | 74E69EC308F3483BFD8A4735D9D80FCC332FFD359A2F211FF36EA2E92770256D | 517.63 KB, 517632 bytes |
| b417235828f080133d3e349f2968c334 | a91da0c37ea75b38dd2f0b861a8404418242a5ad | DFAB3CE6CBAD131A6252EFDD2F50F91C84E26A957764E297A76A6F845EA8C87A | 520.19 KB, 520192 bytes |
| 43d26c10fd92240d5b16eeb3baa4926f | 6cd0b7dcc90b5fa46a75aa998753089c4d649898 | 5B6E0188AAABC9E1877C2BA841EFE66B15CB1853AF9B1AC7F0877D8635D26F5C | 552.96 KB, 552960 bytes |
| 91db1aba6c893d5fa5cf953fcd8ed1b4 | 23be29394589a7dbddbf38f64dc78d0f36809cd5 | CE9E98B501763167A4296139D4E06C2B1065163A0CF48C15A111E8F88708E7B2 | 6.79 MB, 6794451 bytes |
| 85596bbc1a15300ae5ab7ab0199d3ec0 | 3aafa4ac5adcc9827893f130115851a76b25e507 | EEE129D6F0341F60E7BD285E7DCDBF941E83585823C401891FCA52016DFF367C | 4.03 MB, 4029952 bytes |
| 527ee4c8e8cc1664f8079567649f1947 | ab6ba6f7377d3fe8e47854d897a777d450ed2fad | 3B3C31BC8F57C09A04E3F3B69FEAC21A21DC25CA9C6F1072E3A4940F1482D0F4 | 4.45 MB, 4452342 bytes |
| 8b02cc2b4d884a05f8af678e7a6a345c | a4a5e1f26163c014961e4f00e2d5abc74357899e | 55FC33538E1523CF70B310DAF84FE149A9229A267A68256A19716EB5216B0AB5 | 6.27 MB, 6270786 bytes |
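The hashes and byte sizes in the Known Samples table are the indicators a responder actually gets from this page. The script below is an added example, not EnigmaSoft's tooling, showing how to sweep a directory tree for them without hashing every file: the exact size is used as a prefilter, only size-matched files are hashed, and all three digests are computed in a single read so that a row carrying only MD5 and SHA1 still matches. KNOWN_SAMPLES holds four rows copied from the table (the rest follow the same shape); the demo() fixture, its file names and its file contents are constructed for an offline run and are not real samples.

```python
import hashlib
import os
import tempfile

# Rows copied from the Known Samples table: (MD5, SHA1, SHA256 or None, size in bytes).
# Only a subset is listed; the remaining rows of the table have the same shape.
KNOWN_SAMPLES = [
    ("e4eb0b8042a914cf609c266ed1f5cb33", "e481b94d1087466f69c66154715d3d9b933f180d", None, 9839386),
    ("d7917bc607c5d780cefb6069eb23c394", "b412fd6ab8a600677eb502fbcfd633060ef4e4d4",
     "C3D3E8215F25D5CF8074BDC6BA4A44C1EB4F7F64FA85653B9680DF70198E1C6E", 4653056),
    ("500d8f755ec5553ebfe4df835796156a", "46521f08e3942d57ede866ff67dfa275b06b1f3e",
     "774FA47A4506324BDCCB360689EC754E18E6334A28D493940763790C42BE76FB", 5001216),
    ("ad4e8461fca191a48c5687b7c002e8b9", "303ba81d206bcf42af50aebd6cb5e2f07565da99",
     "74E69EC308F3483BFD8A4735D9D80FCC332FFD359A2F211FF36EA2E92770256D", 517632),
]


def file_digests(path, chunk_size=1 << 20):
    """One pass over the file feeding all three hashes; returns lowercase hex digests."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan_tree(root, samples=KNOWN_SAMPLES):
    """Return [(path, matched_digest)] for files whose size AND one digest match a known sample."""
    sizes = {row[3] for row in samples}
    digests = {h.lower() for row in samples for h in row[:3] if h}  # table mixes upper/lower case
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.stat(path).st_size
            except OSError:
                continue
            if size not in sizes:  # cheap prefilter: never hash a file that cannot match
                continue
            for digest in file_digests(path):
                if digest in digests:
                    hits.append((path, digest))
                    break
    return hits


def demo():
    """Constructed fixture: a fake 'sample' whose hashes are learned at runtime, plus two decoys."""
    payload = b"CONSTRUCTED-SAMPLE-BYTES" * 40  # not real malware, just bytes to hash
    with tempfile.TemporaryDirectory() as root:
        evil = os.path.join(root, "downloads", "evil.bin")
        os.makedirs(os.path.dirname(evil))
        with open(evil, "wb") as fh:
            fh.write(payload)
        with open(os.path.join(root, "same_size_benign.bin"), "wb") as fh:
            fh.write(b"B" * len(payload))  # same size, so it is hashed, but no digest matches
        with open(os.path.join(root, "other.txt"), "wb") as fh:
            fh.write(b"unrelated")  # different size, never hashed
        md5, sha1, sha256 = file_digests(evil)
        samples = KNOWN_SAMPLES + [(md5, sha1, sha256, os.path.getsize(evil))]
        return [os.path.basename(path) for path, _digest in scan_tree(root, samples)]


if __name__ == "__main__":
    print(demo())
```

The size prefilter matters on a real endpoint: the table's samples are 0.5 to 10 MB, and hashing only the handful of files of exactly those sizes turns a full-disk sweep into a stat() walk. It also means the scan cannot catch a recompiled or padded variant; that is what the PE attribute and behavioural sections below are for.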
Windows Portable Executable Attributes
These attributes are aggregated across the family's samples, so mutually exclusive entries (both "has" and "doesn't have" an exports table; IMAGE_FILE_DLL clear here while the File Traits below include "dll") describe different samples rather than one file.
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
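Every attribute in that list except "not packed" is read directly from PE headers. The parser below is an added example, not EnigmaSoft's analysis code, that derives them from raw bytes: data-directory presence for exports, resources, the Authenticode security entry, relocations, debug and TLS; the CLR runtime header for .NET versus native; the optional-header magic for 32- versus 64-bit; the subsystem field; and the COFF characteristics for the DLL and executable-image flags. The "Rich" header check is a plaintext-marker search in the gap between the DOS header and the PE signature, and the "not packed" verdict is an entropy heuristic this example does not attempt. build_pe() fabricates a header-only PE32 or PE32+ image so the parser can run offline; it is a constructed fixture, not one of the family's samples.

```python
import struct

# IMAGE_DIRECTORY_ENTRY_* indices into the optional header's data directories.
DIR_EXPORT, DIR_RESOURCE, DIR_SECURITY, DIR_BASERELOC = 0, 2, 4, 5
DIR_DEBUG, DIR_TLS, DIR_CLR = 6, 9, 14
IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL = 0x0002, 0x0100, 0x2000
SUBSYSTEMS = {2: "GUI", 3: "console"}  # IMAGE_SUBSYSTEM_WINDOWS_GUI / IMAGE_SUBSYSTEM_WINDOWS_CUI


def pe_attributes(data: bytes) -> dict:
    """Derive the scorecard's header-level attributes from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsec, _ts, _symptr, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    pe32plus = magic == 0x20B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if pe32plus else 92)               # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def has_dir(index):
        if index >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * index)
        return rva != 0 and size != 0

    return {
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],  # Rich block sits in the DOS stub gap
        "has_debug_info": has_dir(DIR_DEBUG),
        "has_exports": has_dir(DIR_EXPORT),
        "has_relocations": has_dir(DIR_BASERELOC),
        "has_resources": has_dir(DIR_RESOURCE),
        "has_security_info": has_dir(DIR_SECURITY),         # Authenticode signature directory
        "has_tls": has_dir(DIR_TLS),
        "is_32bit": magic == 0x10B,
        "subsystem": SUBSYSTEMS.get(subsystem, "other"),
        "is_dotnet": has_dir(DIR_CLR),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def build_pe(*, is_dll=False, subsystem=2, dirs=(), rich=False, pe32plus=False) -> bytes:
    """Constructed header-only PE for offline testing; not a real sample and not loadable."""
    e_lfanew = 0x80
    stub = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", stub, 0x3C, e_lfanew)
    if rich:  # real Rich headers are XOR-obfuscated; the plaintext "Rich" marker is what gets detected
        stub += b"DanS" + b"\0" * 12 + b"Rich" + b"\0" * 4
    stub += b"\0" * (e_lfanew - len(stub))
    opt = bytearray(240 if pe32plus else 224)  # PE32+ / PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    ndirs_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, ndirs_off, 16)
    for index in dirs:  # any non-zero RVA/size pair marks the directory as present
        struct.pack_into("<II", opt, ndirs_off + 4 + 8 * index, 0x1000 + 0x100 * index, 0x40)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (0 if pe32plus else IMAGE_FILE_32BIT_MACHINE)
    if is_dll:
        chars |= IMAGE_FILE_DLL
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, len(opt), chars)
    return bytes(stub) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for name, value in pe_attributes(build_pe(dirs=(DIR_EXPORT, DIR_TLS))).items():
        print(f"{name}: {value}")
```

Run against the family's samples the same function explains the contradictions in the list: a 32-bit GUI image with an export table and TLS callbacks is one profile, an image with none of those directories is another, and an aggregated list simply unions both.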
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | This installation was built with Inno Setup. |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- 2+ executable sections
- dll
- HighEntropy
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system. Two details in the list below are worth noting: \device\namedpipe\gmdasllogger is a named pipe, not a file on disk, and the ns*.tmp entries with langdll.dll under the user's Temp folder are the working files an NSIS installer stub extracts, even though the version information's Comments field above claims an Inno Setup build.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsb29d.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsee6d5.tmp\langdll.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsfe8e3.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsia8a0.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsje6a5.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsla4fb.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\stpa363_tmp.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\alarm\beep.wav | Generic Write,Read Attributes |
| c:\users\user\downloads\audiocodec.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\audiocodec.dll | Synchronize,Write Attributes |
| c:\users\user\downloads\audiodec.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\avsaudiocodec.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\avsaudiocodec.dll | Synchronize,Write Attributes |
| c:\users\user\downloads\avscodec51.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\decode.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\deinterlace.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\g723codec.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\ijl15.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\ipcam.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\ipcam.dll | Synchronize,Write Attributes |
| c:\users\user\downloads\ipchd10.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\ipcjd20.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\ipcmd10.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\jpeglib.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\jpeglib.dll | Synchronize,Write Attributes |
| c:\users\user\downloads\mpeg1encoder.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\networkapi.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\nvdme50.dll | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz.rgn | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz.rgn | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2000_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2001_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2002_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2003_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2004_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2005_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2006_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2007_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2008_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2009_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2010_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2011_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2012_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2013_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2014_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2015_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2016_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2017_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2018_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2019_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_disable.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_disable.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_down.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_down.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_focus.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_focus.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_up.bmp | Generic Write,Read Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2020_up.bmp | Synchronize,Write Attributes |
| c:\users\user\downloads\ptz\bmp\nv5.3\ptz2021_disable.bmp | Generic Write,Read Attributes |
57 additional files are not displayed above.
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.
| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey |
| HKLM\software\wow6432node\digital river\softwarepassport\imtoo software studio\imtoo mov converter\0::buyurl | http://www.regnow.com/softsell/nph-softsell.cgi?item=9641-15&affiliate=19793&hardwareSignature=Lite-202511140414560385 | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
| Anti Debug | |
| Process Manipulation Evasion | |
| User Data Access | |
| Keyboard Access | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
Each entry below is the executing image followed by its command line. The 32-bit C:\WINDOWS\SysWOW64\rundll32.exe image is what a C:\WINDOWS\system32\rundll32.exe command line resolves to for a 32-bit process under WOW64 file-system redirection. The rundll32 entries load the sample, stored as <sha1>_<zero-padded size>. with no file extension, as a DLL and call its export LiQMAxHB; the StpA363_TMP.EXE entry corresponds to the stpa363_tmp.exe temporary file listed under Files Modified.
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b412fd6ab8a600677eb502fbcfd633060ef4e4d4_0004653056.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\46521f08e3942d57ede866ff67dfa275b06b1f3e_0005001216.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a5a8003827646840c1b18e5e8669b9b833cf5715_0000606208.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\74338ec056d27677a60eb348025b6f779563dcae_0005001216.,LiQMAxHB
- C:\Users\Rfbgkfmh\AppData\Local\Temp\StpA363_TMP.EXE (NULL)
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\303ba81d206bcf42af50aebd6cb5e2f07565da99_0000517632.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a91da0c37ea75b38dd2f0b861a8404418242a5ad_0000520192.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6cd0b7dcc90b5fa46a75aa998753089c4d649898_0000552960.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3aafa4ac5adcc9827893f130115851a76b25e507_0004029952.,LiQMAxHB
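The rundll32 entries above are the detection opportunity in this report: rundll32 handed a module with no DLL-like extension, sitting under a user's Downloads folder, with an unusual export name. The following is an added detection example, not EnigmaSoft's code, run over constructed records in the same "<image> <command line>" shape: two of the page's own entries, a benign shell32.dll,Control_RunDLL launch, a DLL under Temp, and the non-rundll32 installer line. The two reasons it scores on and the separate WOW64 context flag are this example's choices; shell32.dll, helper.dll and the Start entry point are constructed names for the decoy records.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed process-creation records in the shape of the page's Shell Command Execution
# entries (executing image, then the command line); not real telemetry.
SAMPLE_EVENTS = [
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b412fd6ab8a600677eb502fbcfd633060ef4e4d4_0004653056.,LiQMAxHB",
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\74338ec056d27677a60eb348025b6f779563dcae_0005001216.,LiQMAxHB",
    r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL",
    r"C:\WINDOWS\system32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp\helper.dll,Start",
    r"C:\Users\Rfbgkfmh\AppData\Local\Temp\StpA363_TMP.EXE (NULL)",
]

# rundll32 <module>,<entry>: the module is everything up to the first comma (quotes optional).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.IGNORECASE)
DLL_LIKE_EXT = {".dll", ".cpl", ".ocx", ".ax"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")


@dataclass
class Finding:
    image: str
    module: str
    entry: str
    wow64: bool      # 32-bit rundll32 reached via WOW64 redirection: context, not evidence
    reasons: tuple


def analyze_event(line: str) -> Optional[Finding]:
    """Parse one '<image> <command line>' record; None unless it is a rundll32 launch."""
    image, _, cmdline = line.partition(" ")
    if ntpath.basename(image).lower() != "rundll32.exe":
        return None
    match = RUNDLL_RE.search(cmdline)
    if not match:
        return None
    module, entry = match.group(1), match.group(2)
    reasons = []
    ext = ntpath.splitext(module)[1].lower()
    if ext not in DLL_LIKE_EXT:  # the page's samples are loaded as '<sha1>_<size>.' with no extension
        reasons.append(f"module extension {ext!r} is not DLL-like")
    if any(marker in module.lower() for marker in USER_WRITABLE):
        reasons.append("module lives in a user-writable directory")
    wow64 = "\\syswow64\\" in image.lower() and "\\system32\\" in cmdline.lower()
    return Finding(image, module, entry, wow64, tuple(reasons))


def detect(events):
    """Return only the rundll32 launches that tripped at least one reason."""
    findings = (analyze_event(event) for event in events)
    return [f for f in findings if f is not None and f.reasons]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding.entry, finding.module, finding.reasons)
```

The user-writable-path reason alone is noisy on real fleets (installers and updaters legitimately rundll32 modules out of Temp), which is why the extension check is kept separate: the page's launches trip both, the Temp decoy trips one, and a triage rule can weight them differently rather than collapsing everything into a single "rundll32 from Temp" alert.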