Multi-License Discount Quote

Change Region

English
Threat Database Worms Worm.Nohad.A

Worm.Nohad.A

By CagedTech in Worms

Threat Scorecard

Popularity Rank: 12,027
Threat Level: 50 % (Medium)
Infected Computers: 1,448
First Seen: April 28, 2019
Last Seen: March 29, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Worm.Nohad.A
Signature status: No Signature

Known Samples

MD5: f20ae01a74f763aadb0f8255a82157df
SHA1: d8d1dd355a98c4c444b5094663f70caf624c5a30
SHA256: 2C37B93FDE7CEDFDC6D328B43C532E9FD0C4B173A1BF7D4C6E0EAA54792790CE
File Size: 4.09 MB, 4091515 bytes
MD5: 51d1f06f8f4750cbcba9279ddf9ad6b6
SHA1: 7cc3b10b165d905bfc5859d951df2c771ec97f9b
SHA256: D6F2A5DCFF6B1375FA75D550C808DAA3F5A122D3EF9887361A1652479776E2B3
File Size: 3.81 MB, 3814020 bytes
MD5: c1c09298eebb9885553aba3087fce86f
SHA1: e05816c52cb6956b763cdada7aec70731e407663
SHA256: 64DF5A36F4D9E147AFA85E697642488292DC2BC49C832821C3A01DC6A0A7F56C
File Size: 4.09 MB, 4091591 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments www.facebook.com/llaneroinformatico
Company Name Perú
File Description Explorador de Windows
File Version
  • 1.00
  • 1.0.0.0
Internal Name
  • llanero solitario
  • TJprojMain
Legal Copyright llanero solitario
Legal Trademarks llanero solitario
Original Filename
  • llanero solitario
  • TJprojMain.exe
Product Name
  • llanero solitario
  • Project1
Product Version
  • 1.00
  • 1.0.0.0

File Traits

  • 2+ executable sections
  • VirtualQueryEx
  • x86

Block Information

Similar Families

  • InstallMonstr.B

Files Modified

File Attributes
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\nottepad.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\nottepad.exe Synchronize,Write Attributes
c:\users\user\documen Synchronize,Write Attributes
c:\users\user\documen\nod42.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\documen\nod42.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute
User Data Access
  • GetUserObjectInformation

Shell Command Execution

open C:\Users\Gcdogrhb\Documen\nod42.exe
open c:\users\user\downloads\7cc3b10b165d905bfc5859d951df2c771ec97f9b_0003814020

Trending

Most Viewed

Loading...