Worm.Allaple

By CagedTech in Worms

Threat Scorecard

Popularity Rank:	6,054
Threat Level:	50 % (Medium)
Infected Computers:	3,062

First Seen:	December 15, 2012
Last Seen:	June 8, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Worm.Allaple

File System Details

Worm.Allaple may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	hqtjrcss.exe	209c08f288a525866949449a93ec6692	0
Name: hqtjrcss.exe MD5: 209c08f288a525866949449a93ec6692 Size: 107 KB (107008 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
2.	wbthvkxq.exe	fec7b74b7a709e8925b1961dad63c0ac	0
Name: wbthvkxq.exe MD5: fec7b74b7a709e8925b1961dad63c0ac Size: 67.58 KB (67584 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
3.	tsektjkj.exe	7a46468cc40300ac525edb1185d9ad77	0
Name: tsektjkj.exe MD5: 7a46468cc40300ac525edb1185d9ad77 Size: 67.58 KB (67584 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
4.	rsewzjqn.exe	6ec04f0b9b22027ee67862aecf1971a5	0
Name: rsewzjqn.exe MD5: 6ec04f0b9b22027ee67862aecf1971a5 Size: 67.58 KB (67584 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
5.	lznezkhh.exe	42e468cea445f7f416737b196ebb82b6	0
Name: lznezkhh.exe MD5: 42e468cea445f7f416737b196ebb82b6 Size: 67.58 KB (67584 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
6.	14ad91e0632f548f3babe79172c864fd.exe	14ad91e0632f548f3babe79172c864fd	0
Name: 14ad91e0632f548f3babe79172c864fd.exe MD5: 14ad91e0632f548f3babe79172c864fd Size: 85.5 KB (85504 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
7.	0bafbfe75be4c344673e37b3dd8df3fa.exe	0bafbfe75be4c344673e37b3dd8df3fa	0
Name: 0bafbfe75be4c344673e37b3dd8df3fa.exe MD5: 0bafbfe75be4c344673e37b3dd8df3fa Size: 57.85 KB (57856 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014
8.	urdvxc.exe	1997c4ac6bb4bba5a16da2cda6d89d74	0
Name: urdvxc.exe MD5: 1997c4ac6bb4bba5a16da2cda6d89d74 Size: 67.58 KB (67584 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 14, 2014

Analysis Report

General information

Family Name:	Worm.Allaple
Signature status:	No Signature

Known Samples

MD5: 01f316cabee05b386135075d1792b0fd

SHA1: 67805e92e4827d1adf131c423e4c3db610dc6abd

SHA256: 13EDFB4CEBAD8FB1D31BF19D4B2A582F8B7F64C30D314957DE5DDCC7FB3C3F80

File Size: 61.44 KB, 61440 bytes

MD5: 47e231e2da422964430dd4224203b5fa

SHA1: 2b06be62c3516da4f3d4a863a37be7c59392262d

SHA256: 43DF206BCF1FCF42B9C92610A39B0D8137D345DF0C1E0BFF4A582E651802DB15

File Size: 6.13 MB, 6126768 bytes

MD5: 31147136ccdbdb17484c337f1ec7295b

SHA1: 71a1a1788ec69cc4858a74c97d64df989ab59113

SHA256: CB1193257F704D575EA1FF5E06F663E24F2CD9C4609CD88D9E1B1A520C5E647F

File Size: 344.06 KB, 344064 bytes

MD5: 43d0f5fde0206abccf5c0fa1b002f41a

SHA1: 25cf7d0d6d24864fca6e4c145bf0ed6c741960fd

SHA256: 16C7DD702195C934FE7A9BF31CBBBC8B05C02E10E24F2EECB4B579904961628E

File Size: 61.97 KB, 61965 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	nProtect GameGuard Update Module
Company Name	CHIP Digital GmbH INCA Internet Co., Ltd.
File Description	CHIP Secured Installer nProtect GameGuard Update Module
File Version	2003, 8, 28, 2 1.0.64.2
Internal Name	npgmup
Legal Copyright	Copyright 2021 CHIP Digital GmbH Copyright ⓒ 2000-2003 INCA Internet
Legal Trademarks	nProtect
Original Filename	npgmup.dll
Product Name	Installer nProtect GameGuard Update Module
Product Version	2003, 8, 28, 2 1.0.64.2
Special Build	by Kim Chan Ho (chkim@inca.co.kr)

Digital Signatures

Signer	Root	Status
CHIP Communications GmbH	CHIP Communications GmbH	Self Signed
CHIP Communications GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed

File Traits

2+ executable sections
big overlay
dll
HighEntropy
Installer Version
No Version Info
x64
x86

Block Information

Total Blocks:	1
Potentially Malicious Blocks:	1
Whitelisted Blocks:	0
Unknown Blocks:	0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Banker.U
Delf.BN
Delf.RC
Delf.XA
Kryptik.HJB

Lumma.FA
Oleloa.A
Padodor.CC
Padodor.D
Padodor.DA
Padodor.DB
Padodor.DC
Peer2Profit.C
Qukart.B
Rugmi.BA
Rugmi.SA

Files Modified

File	Attributes
c:\windows\syswow64\abmmqkei.dll	Generic Write,Read Attributes
c:\windows\syswow64\agbkkjbk.dll	Generic Write,Read Attributes
c:\windows\syswow64\akhgefch.dll	Generic Write,Read Attributes
c:\windows\syswow64\ambejh32.dll	Generic Write,Read Attributes
c:\windows\syswow64\apdhmb32.dll	Generic Write,Read Attributes
c:\windows\syswow64\banknc32.dll	Generic Write,Read Attributes
c:\windows\syswow64\baobfc32.dll	Generic Write,Read Attributes
c:\windows\syswow64\beocnd32.dll	Generic Write,Read Attributes
c:\windows\syswow64\bmlikg32.dll	Generic Write,Read Attributes
c:\windows\syswow64\bogeobnn.dll	Generic Write,Read Attributes

c:\windows\syswow64\cbnnmh32.dll	Generic Write,Read Attributes
c:\windows\syswow64\ccaodg32.dll	Generic Write,Read Attributes
c:\windows\syswow64\ceillbln.dll	Generic Write,Read Attributes
c:\windows\syswow64\cfgcob32.dll	Generic Write,Read Attributes
c:\windows\syswow64\cjnligob.dll	Generic Write,Read Attributes
c:\windows\syswow64\cnhchkhj.dll	Generic Write,Read Attributes
c:\windows\syswow64\ddffkkgo.dll	Generic Write,Read Attributes
c:\windows\syswow64\dkgpihcm.dll	Generic Write,Read Attributes
c:\windows\syswow64\dmkmbj32.dll	Generic Write,Read Attributes
c:\windows\syswow64\dmmjgdde.dll	Generic Write,Read Attributes
c:\windows\syswow64\ehneekon.dll	Generic Write,Read Attributes
c:\windows\syswow64\fefegcjb.dll	Generic Write,Read Attributes
c:\windows\syswow64\fhpqfpjl.dll	Generic Write,Read Attributes
c:\windows\syswow64\fngfdl32.dll	Generic Write,Read Attributes
c:\windows\syswow64\foqpkkck.dll	Generic Write,Read Attributes
c:\windows\syswow64\fqgenb32.dll	Generic Write,Read Attributes
c:\windows\syswow64\ggjkgdio.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ggjkgdio.exe	Generic Write,Read Attributes
c:\windows\syswow64\ggodbc32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ggodbc32.exe	Generic Write,Read Attributes
c:\windows\syswow64\gjkdip32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\gjkdip32.exe	Generic Write,Read Attributes
c:\windows\syswow64\gkpjna32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\gkpjna32.exe	Generic Write,Read Attributes
c:\windows\syswow64\gnliem32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\gnliem32.exe	Generic Write,Read Attributes
c:\windows\syswow64\gqgili32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\gqgili32.exe	Generic Write,Read Attributes
c:\windows\syswow64\hbceajhp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hbceajhp.exe	Generic Write,Read Attributes
c:\windows\syswow64\hcaecc32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hcaecc32.exe	Generic Write,Read Attributes
c:\windows\syswow64\hckocdfh.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hckocdfh.exe	Generic Write,Read Attributes
c:\windows\syswow64\hfejhp32.dll	Generic Write,Read Attributes
c:\windows\syswow64\hijdfa32.dll	Generic Write,Read Attributes
c:\windows\syswow64\hjgcen32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hjgcen32.exe	Generic Write,Read Attributes
c:\windows\syswow64\hjnjfm32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hjnjfm32.exe	Generic Write,Read Attributes
c:\windows\syswow64\hkfpoq32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hkfpoq32.exe	Generic Write,Read Attributes
c:\windows\syswow64\hqoolheb.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\hqoolheb.exe	Generic Write,Read Attributes
c:\windows\syswow64\ibjkbibg.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ibjkbibg.exe	Generic Write,Read Attributes
c:\windows\syswow64\ibodmi32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ibodmi32.exe	Generic Write,Read Attributes
c:\windows\syswow64\icfnoblk.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\icfnoblk.exe	Generic Write,Read Attributes
c:\windows\syswow64\icmdoa32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\icmdoa32.exe	Generic Write,Read Attributes
c:\windows\syswow64\icmkqmpg.dll	Generic Write,Read Attributes
c:\windows\syswow64\iefkhe32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\iefkhe32.exe	Generic Write,Read Attributes
c:\windows\syswow64\ihfgmj32.dll	Generic Write,Read Attributes
c:\windows\syswow64\iikigjpk.dll	Generic Write,Read Attributes
c:\windows\syswow64\ijjiak32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ijjiak32.exe	Generic Write,Read Attributes
c:\windows\syswow64\ikbpko32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ikbpko32.exe	Generic Write,Read Attributes
c:\windows\syswow64\iljkadlh.dll	Generic Write,Read Attributes
c:\windows\syswow64\ilqngl32.dll	Generic Write,Read Attributes
c:\windows\syswow64\imcdidmd.dll	Generic Write,Read Attributes
c:\windows\syswow64\imehhpma.dll	Generic Write,Read Attributes
c:\windows\syswow64\jafnde32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\jafnde32.exe	Generic Write,Read Attributes
c:\windows\syswow64\jbjdig32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\jbjdig32.exe	Generic Write,Read Attributes
c:\windows\syswow64\jefcoc32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\jefcoc32.exe	Generic Write,Read Attributes
c:\windows\syswow64\jgnjko32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\jgnjko32.exe	Generic Write,Read Attributes
c:\windows\syswow64\jlnofm32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\jlnofm32.exe	Generic Write,Read Attributes
c:\windows\syswow64\jnjomi32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\jnjomi32.exe	Generic Write,Read Attributes
c:\windows\syswow64\kaidpbqb.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\kaidpbqb.exe	Generic Write,Read Attributes
c:\windows\syswow64\kdibkhhd.dll	Generic Write,Read Attributes
c:\windows\syswow64\kebcka32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\kebcka32.exe	Generic Write,Read Attributes
c:\windows\syswow64\kemjpboc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\kemjpboc.exe	Generic Write,Read Attributes
c:\windows\syswow64\kffkemjh.dll	Generic Write,Read Attributes
c:\windows\syswow64\khiignpi.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\khiignpi.exe	Generic Write,Read Attributes
c:\windows\syswow64\khnbam32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\khnbam32.exe	Generic Write,Read Attributes
c:\windows\syswow64\kjeimi32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\kjeimi32.exe	Generic Write,Read Attributes
c:\windows\syswow64\knfnig32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\knfnig32.exe	Generic Write,Read Attributes
c:\windows\syswow64\knhngnhe.dll	Generic Write,Read Attributes
c:\windows\syswow64\kokoflla.dll	Generic Write,Read Attributes
c:\windows\syswow64\ladclq32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ladclq32.exe	Generic Write,Read Attributes
c:\windows\syswow64\lbmjed32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\lbmjed32.exe	Generic Write,Read Attributes
c:\windows\syswow64\leiilpef.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\leiilpef.exe	Generic Write,Read Attributes
c:\windows\syswow64\lfanoo32.dll	Generic Write,Read Attributes
c:\windows\syswow64\lfibcbcp.dll	Generic Write,Read Attributes
c:\windows\syswow64\lhlock32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\lhlock32.exe	Generic Write,Read Attributes
c:\windows\syswow64\lkpidjkk.dll	Generic Write,Read Attributes
c:\windows\syswow64\llennjjp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\llennjjp.exe	Generic Write,Read Attributes
c:\windows\syswow64\lljjkl32.dll	Generic Write,Read Attributes
c:\windows\syswow64\llqeck32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\llqeck32.exe	Generic Write,Read Attributes
c:\windows\syswow64\lomdif32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\lomdif32.exe	Generic Write,Read Attributes
c:\windows\syswow64\lqikeb32.dll	Generic Write,Read Attributes
c:\windows\syswow64\mapcho32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mapcho32.exe	Generic Write,Read Attributes
c:\windows\syswow64\mddjdbmb.dll	Generic Write,Read Attributes
c:\windows\syswow64\meeigo32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\meeigo32.exe	Generic Write,Read Attributes
c:\windows\syswow64\mhahnjlo.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mhahnjlo.exe	Generic Write,Read Attributes
c:\windows\syswow64\mhcijp32.dll	Generic Write,Read Attributes
c:\windows\syswow64\mhhnoieg.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mhhnoieg.exe	Generic Write,Read Attributes
c:\windows\syswow64\mjcbee32.dll	Generic Write,Read Attributes
c:\windows\syswow64\mkdnee32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mkdnee32.exe	Generic Write,Read Attributes
c:\windows\syswow64\mohdee32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mohdee32.exe	Generic Write,Read Attributes
c:\windows\syswow64\mommqdai.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mommqdai.exe	Generic Write,Read Attributes
c:\windows\syswow64\mpdilaah.dll	Generic Write,Read Attributes
c:\windows\syswow64\nagihnfo.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\nagihnfo.exe	Generic Write,Read Attributes
c:\windows\syswow64\ndchojgf.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\ndchojgf.exe	Generic Write,Read Attributes
c:\windows\syswow64\nfmhimbn.dll	Generic Write,Read Attributes
c:\windows\syswow64\nlhdjgjk.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\nlhdjgjk.exe	Generic Write,Read Attributes
c:\windows\syswow64\nlojkf32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\nlojkf32.exe	Generic Write,Read Attributes
c:\windows\syswow64\nodcac32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\nodcac32.exe	Generic Write,Read Attributes
c:\windows\syswow64\nokiab32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\nokiab32.exe	Generic Write,Read Attributes
c:\windows\syswow64\oclgpjni.dll	Generic Write,Read Attributes
c:\windows\syswow64\odjopi32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\odjopi32.exe	Generic Write,Read Attributes
c:\windows\syswow64\omcoan32.dll	Generic Write,Read Attributes
c:\windows\syswow64\pfniejbd.dll	Generic Write,Read Attributes
c:\windows\syswow64\phhmdj32.dll	Generic Write,Read Attributes
c:\windows\syswow64\pmdabn32.dll	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Mhcijp32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::threadingmodel	Apartment	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\shellserviceobjectdelayload::web event logger	{79FEACFF-FFCE-815E-A900-316290B5B738}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Iljkadlh.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Akhgefch.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Phhmdj32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Apdhmb32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Lljjkl32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Fngfdl32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Kdibkhhd.dll	RegNtPreCreateKey

HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Lqikeb32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Imehhpma.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Knhngnhe.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Mjcbee32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Dmkmbj32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Iikigjpk.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Cfgcob32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Lfanoo32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ilqngl32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Nfmhimbn.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Imcdidmd.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Pfniejbd.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Beocnd32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Fhpqfpjl.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Abmmqkei.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Foqpkkck.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Cbnnmh32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Mddjdbmb.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Cjnligob.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ehneekon.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Banknc32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Lkpidjkk.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ccaodg32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Kokoflla.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Baobfc32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Oclgpjni.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Bmlikg32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Fefegcjb.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Dmmjgdde.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Mpdilaah.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Lfibcbcp.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Omcoan32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Cnhchkhj.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ddffkkgo.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ihfgmj32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ceillbln.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Hfejhp32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Hijdfa32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Kffkemjh.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Fqgenb32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Pmdabn32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Bogeobnn.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Dkgpihcm.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Agbkkjbk.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Icmkqmpg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79feacff-ffce-815e-a900-316290b5b738}\inprocserver32::	C:\WINDOWS\SysWow64\Ambejh32.dll	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose Show More ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess WinExec
Anti Debug	NtQuerySystemInformation
User Data Access	GetUserObjectInformation

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\67805e92e4827d1adf131c423e4c3db610dc6abd_0000061440.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\71a1a1788ec69cc4858a74c97d64df989ab59113_0000344064.,LiQMAxHB


							C:\WINDOWS\system32\Odjopi32.exe

Worm.Allaple

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Worm.Allaple

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed