PUP.TopTools

Analysis Report

General information

Family Name: PUP.TopTools
Signature status: Self Signed

Known Samples

MD5: 24101e16a33d6b8b5ede49adb5799474
SHA1: 468571ad58803f9ef4b8c511ddf413a3d36236ef
SHA256: 975F9AE814BB1B372C7EE0D69AF214F9353D44AD750C1A2B097E0F62C317E3B7
File Size: 669.67 KB, 669672 bytes
MD5: 48061dc67b60d631611db6dec4b01e84
SHA1: 45d3e2534d07d04ead9fb4d9dc1b1f5d1fb12e6c
SHA256: 35D4F3024A2DA253BF860641AADAE804D5896A67D8F7D4DAA9E3A62B4468DCF5
File Size: 6.44 MB, 6442248 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Channel Name base
Company Name
  • CatchYouTube
  • ShenZhen Enode Techology co,.Ltd
File Description
  • CatchYouTube
  • The Desktop Weather
File Version
  • 3.0.0.1274
  • 1.2.2.10256
Internal Name mainfram.exe
Legal Copyright
  • Copyright (C) 2014 ShenZhen Enode Techology co,.Ltd All Rights Reserved
  • Copyright (C) 2015
Original Filename mainfram.exe
Product Name
  • CatchYouTube
  • The Desktop Weather
Product Version
  • 3.0.0.1274
  • 1.2.2.10256

Digital Signatures

Signer Root Status
ShenZhen Enode Techology co,.Ltd VeriSign Class 3 Code Signing 2010 CA Self Signed

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\weathertool\1.2.2.10256\cloudoptclient\cloudoptclient.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\cloudoptclient\cloudoptclient.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\cloudoptclient\url.ini Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\cloudoptclient\url.ini Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\crashreport64.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\crashreport64.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\crashreportmoduleconf.ini Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\crashreportmoduleconf.ini Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\crashul.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\crashul.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpconfig.ini Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpconfig.ini Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpdr.dll Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpdr.dll Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evphelp.dll Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evphelp.dll Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpkernel.dll Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpkernel.dll Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpnet.dll Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evpnet.dll Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evptask.dll Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\evptask.dll Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\installhelper.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\installhelper.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\report.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\report.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\city.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\city.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin2.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin2.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin3.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin3.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin4.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\cn\skin4.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin2.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin2.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin3.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin3.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin4.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\en\skin4.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\icon_config.ini Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\icon_config.ini Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin2.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin2.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin3.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin3.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin4.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\jp\skin4.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\about.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\about.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\back.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\back.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\bg.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\bg.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\bg2.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\bg2.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\bg3.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\bg3.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\close.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\close.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\collapse.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\collapse.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\comboboxarrow.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\comboboxarrow.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\expand.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\expand.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\humidity.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\humidity.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\refresh.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\refresh.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\refresh10g.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\refresh10g.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\scrollbar.bmp Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\scrollbar.bmp Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\scrollbars.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\scrollbars.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\search.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\search.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\select.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\select.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\split_line.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\split_line.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\tianqi_l_30x28.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\tianqi_l_30x28.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\tianqi_l_60x55.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\tianqi_l_60x55.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\bg.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\bg.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\button.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\button.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\buttondown.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\buttondown.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\click.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\click.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\close.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\close.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\hover.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\hover.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\normal.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\normal.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page1.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page1.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page2.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page2.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page3.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page3.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page4.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\page4.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\uninstall.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\uninstall.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\uninstalldown.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\uninstall\uninstalldown.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\unselect.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\unselect.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\write_line.png Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\picture\write_line.png Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\wunder_city.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\wunder_city.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin2.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin2.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin3.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin3.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin4.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\cn\skin4.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin2.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin2.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin3.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin3.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin4.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\en\skin4.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin2.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin2.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin3.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin3.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin4.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\xp\jp\skin4.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\yahoo_city.xml Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\res\yahoo_city.xml Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\updateplatform.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\updateplatform.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\weather.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\weather.exe Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\weatherentrydll.dll Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\weatherentrydll.dll Synchronize,Write Attributes
c:\program files (x86)\weathertool\1.2.2.10256\weatherservice.exe Generic Write,Read Attributes
c:\program files (x86)\weathertool\1.2.2.10256\weatherservice.exe Synchronize,Write Attributes
c:\users\public\documents\baidu\common\i18n\conf.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\public\documents\guid\common\i18n\conf.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\public\documents\guid\common\i18n\ipcsupdatecache\installhelper\6608201269efba00 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\installhelper.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\installhelper.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsgfe3e.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\roaming\weathertool\dump\bugreportconfig.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\weathertool\dump\dumpconfig.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\weathertool\quit::quitsession {D1E7C8F3-3A58-4A99-A6C2-06008D500770}-1 RegNtPreCreateKey
HKLM\software\weathertool\settings::producttype DeskTop RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\weathertool::displayname The Desktop Weather 1.2 RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\weathertool::displayicon C:\Program Files (x86)\WeatherTool\1.2.2.10256\weather.exe RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\weathertool::uninstallstring C:\Program Files (x86)\WeatherTool\1.2.2.10256\InstallHelper.exe -Uninstall English RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\weathertool::displayversion 1.2.2.10256 RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\weathertool::displayfullversion 1.2.2.10256 RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\weathertool::publisher ShenZhen Enode Techology co,.Ltd RegNtPreCreateKey
HKLM\software\weathertool\settings::datasource BAIDU RegNtPreCreateKey
HKLM\software\weathertool\settings::apiurl RegNtPreCreateKey
HKLM\software\weathertool\settings::updateurl RegNtPreCreateKey
HKLM\software\weathertool\settings::cityapiurl http://weather.toptools100.com/getCity? RegNtPreCreateKey
HKLM\software\weathertool\settings::searchcityapiurl http://weather.toptools100.com/search? RegNtPreCreateKey
HKLM\software\weathertool\settings::reloaddatainterval 6 RegNtPreCreateKey
HKLM\software\dtsencodetools::{3b7fd029-d932-411b-af15-c96cf8ef0c18} {3B7FD029-D932-411b-AF15-C96CF8EF0C18} RegNtPreCreateKey
HKLM\software\weathertool::partnerid base RegNtPreCreateKey
HKLM\software\weathertool::version 1.2.2.10256 RegNtPreCreateKey
HKLM\software\weathertool::userid RegNtPreCreateKey
HKLM\software\weathertool\install_mark::version 1.2.2.10256 RegNtPreCreateKey
HKLM\software\weathertool\1.2.2.10256::install_path C:\Program Files (x86)\WeatherTool\1.2.2.10256 RegNtPreCreateKey
HKLM\software\weathertool::install_first_time 2026-04-27_12:33:01 RegNtPreCreateKey
HKCU\software\baidu\application bug\allinone\log\installhelper.exe::ticks 줰ﲋ홁ǜ RegNtPreCreateKey
HKCU\software\baidu\application bug\allinone\log\installhelper.exe::times RegNtPreCreateKey
HKCU\software\baidu\application bug\allinone\log\installhelper.exe::times  RegNtPreCreateKey
HKCU\software\baidu\application bug\allinone\log\installhelper.exe::times  RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtLockFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnlockFile
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Service Control
  • OpenSCManager
  • OpenService
  • StartService
Network Info Queried
  • GetAdaptersAddresses
Anti Debug
  • IsDebuggerPresent
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
Other Suspicious
  • AdjustTokenPrivileges
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\Users\Rqrzmvai\AppData\Local\Temp\InstallHelper.exe" -CalendarInstalled
"C:\Users\Rqrzmvai\AppData\Local\Temp\InstallHelper.exe" -InstallBegin
"C:\Program Files (x86)\WeatherTool\1.2.2.10256\WeatherService.exe" -InstallService
"C:\Program Files (x86)\WeatherTool\1.2.2.10256\InstallHelper.exe" -Install "c:\users\user\downloads\45d3e2534d07d04ead9fb4d9dc1b1f5d1fb12e6c_0006442248"
"C:\Program Files (x86)\WeatherTool\1.2.2.10256\CrashReport64.exe" /BugInfo:5870860,2016,8820,588
"C:\Program Files (x86)\WeatherTool\1.2.2.10256\CrashReport64.exe" /BugInfo:4b10860,4948,3492,616
"C:\Program Files (x86)\WeatherTool\1.2.2.10256\InstallHelper.exe" -InstallCloudOPTClient
"C:\Program Files (x86)\WeatherTool\1.2.2.10256\CrashReport64.exe" /BugInfo:52c0860,7120,5572,616
