Trojan.Padodor.F

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 12,672
Threat Level: 80 % (High)
Infected Computers: 39
First Seen: September 8, 2023
Last Seen: June 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Padodor.F
Signature status: No Signature

Known Samples

MD5: 4e87deda99e5c299b33fa86346a6d390
SHA1: f8d2817cd5d732f5d12a4e73d6639ff324e0507d
SHA256: 2A373B670001C3693D511985145132C183C1B0A9DDED753F4CB53A5814A8A5A5
File Size: 98.34 KB, 98339 bytes
MD5: faa9894c2666dc9b0aa3e9bfc055f62d
SHA1: c4bc59620abf3e5de16e5e2fcdb25df4fd70a067
SHA256: CC37954CB17541D17223F47047E0C3658D0643C8E22206D4DBA0C48F1F688FED
File Size: 92.67 KB, 92672 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 1
Potentially Malicious Blocks: 1
Whitelisted Blocks: 0
Unknown Blocks: 0

Visual Map

x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\wow6432node\clsid\{79faa099-1bae-816e-d711-115290cee717}\inprocserver32:: C:\WINDOWS\SysWow64\Knhngnhe.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{79faa099-1bae-816e-d711-115290cee717}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\shellserviceobjectdelayload::web event logger {79FAA099-1BAE-816E-D711-115290CEE717} RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • WinExec

Shell Command Execution

C:\WINDOWS\system32\Hcaecc32.exe
