Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Driver Talent

PUP.Driver Talent

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 1,348
Threat Level: 10 % (Normal)
Infected Computers: 79,599
First Seen: March 27, 2019
Last Seen: April 26, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove PUP.Driver Talent

File System Details

PUP.Driver Talent may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. ldrvsvc.dll b366296720ac09d60d99c5d6bc716c3b 42,476
2. drivertalentxwebsetup_b2222b[1].exe d0de2ab20d4249e7d260efbf1add0468 183
3. DriverTalent_2222_10_0_23_74.exe 86984bb56b34d2fa777840cd252260e0 172
4. DriverTalent_2222_10_0_31_86.exe 731c772d5e1f63eb439d6b1857e7595e 104
5. drivertalentx.exe 0d7e2eacff9e93ef81a5894d9362dc3a 104
6. DriverTalent_setup_8.0.10.58.exe 5a66fd4bff264e8bfec4c0cd6d8c74af 36
7. DriverTalent.exe 52b796b868cbebb712a205aa2d39c461 25
8. DriverTalent_ostoto_setup_8_1_9.20.exe 7c3dc80884f2f6789c9dcf1370c4e0b7 11
9. 3151_drivertalent-181031.exe da37771b8ad070a5afb2cee5a8a499d1 1
10. DriverTalent_net_ostoto.exe 4e06dcfd0a4279408f5fdc2d0adf66a9 0
11. F799EC23A5C37B86C5098F13DD3E2E0ABF37EB3F f799ec23a5c37b86c5098f13dd3e2e0a 0
More files

Analysis Report

General information

Family Name: PUP.Driver Talent
Signature status: Self Signed

Known Samples

MD5: 1467ca69d449586be2c4cab470d68afb
SHA1: 762e79f88b06cabb5b292b115390e8e3712c0388
SHA256: 756A5E07474D087060514B3B075B35D7EF7B95384E21A2D3BB4463E04F0AB046
File Size: 224.82 KB, 224824 bytes
MD5: 2727a7e702b6793c05a2196d22133614
SHA1: 08b5fe1fe1cb8b90a2b9d3cb6a9b604f967a7077
SHA256: D9665614EECE61A3815950DA8C1F264E55575AD1EC7BD6192B11F38BCFFE37C6
File Size: 204.09 KB, 204095 bytes
MD5: 0cfb657f96b5869f00a4f27523527f03
SHA1: 91a7f7431fc90741cab9e5486981a8431ce859ee
SHA256: DF319809D863C60BAE3A35D77D9F7C405E9FA2EC12CE2631EABB3015DE28728B
File Size: 9.92 MB, 9921327 bytes
MD5: 6ae7827aed6a0494c616b4f48845a553
SHA1: 39cc5251d819bbc4e5e10c10ea228dd2b6cf5fb7
SHA256: 9434C7E1D5A34B4AE216DCFE094169399177DA2BE612F641D8324252D04795BD
File Size: 4.80 MB, 4803880 bytes
MD5: fcab323433fd1346f1ce5f01c67998c8
SHA1: 2ca066d48f05382186829eb29da0c20afcc8548f
SHA256: A23EBB39DDFBC96585E706844DD8D1D95ACE7D80BF02BB416D8C9182E2CF2E88
File Size: 647.17 KB, 647168 bytes
Show More
MD5: 162752604bf81c68e22e4fd217f93e51
SHA1: 105f2050c1b59fe9cd18e7bd134a094708a6ccc4
SHA256: A6F40AE75373561910380269E9FC1874607E1A927A27ADEE31E04818B6715D1D
File Size: 5.08 MB, 5084464 bytes
MD5: 3d30124d41a2cb6cf01768aeaabb9d8a
SHA1: 28770b6ad1c42971323eb66bee63c9f3ba1953e0
SHA256: 5E12CC0434D660C56E3140CFF3F0C56E1F1F45DA0E88E7ADEBFB443A79F2A6AE
File Size: 5.46 MB, 5463376 bytes
MD5: 1fa3e10fa433575ed9acb4e509d3d0bf
SHA1: 36279bdb09a17f50e4e4d6bdc179da541c7065ad
SHA256: 7717DE531681D872464B0DD16E6ED1E91932246512204E0D43988F3D2BB49B4E
File Size: 5.77 MB, 5771688 bytes
MD5: 0108f0ec9328360efdcf7a42d71e172a
SHA1: 3f89df218ae47e2ce0c1a081cb6d35e992950e22
SHA256: 0D68944EB922C22F22ED675A971EFA9C21FFB4A293DCA5D4097BDCEB276F2BA1
File Size: 5.46 MB, 5455760 bytes
MD5: b2353ea7648a19dcfdfbdb4883e91ed3
SHA1: e327c64b28d92ff0c0cc60d7ef58a39d64f1886e
SHA256: 91BB1B96749CBD36223F59CCDFD92A9E6B745D87142D046E2258669BDEC6C534
File Size: 6.38 MB, 6378599 bytes
MD5: ea2e2d8de173561f71804da5a8de738e
SHA1: 208d88c10c6c9ec3c52797480ab3fa5e7e3af23d
SHA256: A55A1C43460A6A2C157B87ABC2ECE9FD7D0FAAE43D5F2A0739BA34F23082FAD4
File Size: 272.94 KB, 272935 bytes
MD5: b7988c9cba344275a200341e1b076356
SHA1: 82186cd4d828be48b2955bc68f5548e1603b003f
SHA256: 7B6A1147DF59CDDE5AC2D9F4729106CB01C40343B47641301D827612290E9E79
File Size: 5.55 MB, 5546928 bytes
MD5: 2e2e884cb552a46173beb8875f335934
SHA1: 27aa0842ed1638fb137e168422372a80155564d6
SHA256: 206D66C67BB2BE89C2869DB29F8CE52BA816AEF9D463E11E8EAA7DAF702E0022
File Size: 598.95 KB, 598952 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
Show More
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments 通用组件
Company Name
  • Drive The Life Co., Ltd
  • Dtl
  • OSToto Co. , Ltd.
  • 深圳市驱动人生科技股份有限公司
File Description
  • CNICDriver
  • Driver Talent
  • DriverTalentX Main App
  • DriverTalentX Uninstaller
  • DriverTalentX web install file
  • OSTotoHotspot安装程序
  • 动态链接库
  • 快速搜索 Setup
  • 驱动人生 Uninstaller
File Version
  • 10.1.37.98
  • 8.1.12.72
  • 8.1.3.14
  • 4.1.9.4
  • 2.0.0.38
  • 2.0.0.25
  • 1.0.0.18
  • 1.0.0.6
  • 1.0.0.2
  • 1.0.0.0
Show More
  • 1, 0, 3, 40
Internal Name
  • CNICDriv.dll
  • Driver Talent
  • DTLInstaller
  • DtlWebIn.exe
  • MainV.exe
  • substat
Legal Copyright
  • Copyright (C) 2008-2022 OSToto. All rights reserved.
  • Copyright (C) 2008-2024 OSToto. All rights reserved.
  • Copyright (C) 2008-2025 OSToto. All rights reserved.
  • Copyright (C) 2018
  • Copyright (c) 2020 深圳市驱动人生科技股份有限公司。保留所有权利。
  • Copyright © 2008-2025 OSToto. All rights reserved.
  • Copyright © 2015 | Drive The Life Co., Ltd. All Rights Reserved
Original Filename
  • CNICDriver.dll
  • Driver Talent
  • DriverTalentX.exe
  • DTLInstaller.exe
  • DtlWebIn.exe
  • MainV.exe
  • substat.dll
Product Name
  • CNICDriver
  • Driver Talent
  • DriverTalentX
  • OSTotoHotspot
  • 动态链接库
  • 快速搜索
  • 驱动人生
Product Version
  • 10.1.37.98
  • 8.1.12.72
  • 8.1.3.14
  • 4.1.9.4
  • 2.0.0.38
  • 2.0.0.25
  • 1.0.0.18
  • 1.0.0.6
  • 1.0.0.2
  • 1.0.0.0
Show More
  • 1, 0, 3, 40

Digital Signatures

Signer Root Status
Shenzhen DriveTheLife Software Technology Co.Ltd DigiCert Assured ID Code Signing CA-1 Self Signed
Shenzhen DriveTheLife Software Technology Co.Ltd DigiCert Assured ID Root CA Root Not Trusted
Shenzhen DriveTheLife Software Technology Co.Ltd DigiCert SHA2 Assured ID Code Signing CA Self Signed
OSTOTO CO., LIMITED GlobalSign GCC R45 EV CodeSigning CA 2020 Hash Mismatch
OSTOTO CO., LIMITED GlobalSign GCC R45 EV CodeSigning CA 2020 Self Signed
Show More
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Code Signing 2010 CA Hash Mismatch
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Public Primary Certification Authority - G5 Hash Mismatch

Block Information

Total Blocks: 2,084
Potentially Malicious Blocks: 10
Whitelisted Blocks: 2,025
Unknown Blocks: 49

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 x ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 2 0 1 2 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1 0 0 0 2 2 0 0 1 0 0 0 0 1 2 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 2 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 2 2 1 0 1 1 0 1 0 1 0 0 1 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\dtlinstui.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\installheper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\libnetwork.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\sqlite3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\uninstall.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\zlibwapi.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ostoto\drivertalentx\lan\instui\en-us Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\rcxa708.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\zgokr00.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zgokr00.exe Synchronize,Write Data
c:\windows\syswow64\log\stat.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\ostotohotspot::newdriverflag  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Network Info Queried
  • GetAdaptersInfo
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock2
  • WSAStartup
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • getsockname
  • send
  • setsockopt
  • socket
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\762e79f88b06cabb5b292b115390e8e3712c0388_0000224824.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\08b5fe1fe1cb8b90a2b9d3cb6a9b604f967a7077_0000204095.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\208d88c10c6c9ec3c52797480ab3fa5e7e3af23d_0000272935.,LiQMAxHB

Trending

Most Viewed

Loading...