Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [HKLM\Software\Classes\Applications\uniextract.exe\shell\Open\command] '' = '"%ProgramFiles(x86)%\Universal Extractor\uniextract.exe" "%1" /sub'
Modifies file system
Creates the following files
- %ProgramFiles(x86)%\universal extractor\bin\dbxplug.wcx
- %ProgramFiles(x86)%\universal extractor\bin\e_wise.ini
- %ProgramFiles(x86)%\universal extractor\bin\hlp.wcx
- %ProgramFiles(x86)%\universal extractor\bin\iclread.wcx
- %ProgramFiles(x86)%\universal extractor\bin\instexpl.wcx
- %ProgramFiles(x86)%\universal extractor\bin\iso.wcx
- %ProgramFiles(x86)%\universal extractor\bin\mhtunpack.wcx
- %ProgramFiles(x86)%\universal extractor\bin\modules\gentee.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\ishield.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\isoimg.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\mbox.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\mime.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\mpq.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\msi.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\pdf.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\pst.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\relic.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\sfact.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\udfimg.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\valve.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\vp.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\wise.so
- %ProgramFiles(x86)%\universal extractor\bin\modules\x23cat.so
- %ProgramFiles(x86)%\universal extractor\bin\msi.wcx
- %ProgramFiles(x86)%\universal extractor\bin\msiunpack.vbs
- %ProgramFiles(x86)%\universal extractor\bin\observer.ini
- %ProgramFiles(x86)%\universal extractor\bin\pdunsis.wcx
- %ProgramFiles(x86)%\universal extractor\bin\totalobserver.wcx
- %ProgramFiles(x86)%\universal extractor\bin\triddefs.trd
- %ProgramFiles(x86)%\universal extractor\bin\unp\bzip2_1.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\bzip2_2.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\bzip2_3.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\eschalon.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\gentee.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\inflate1.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\inflate2.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\inflate3.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\lzma.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\pkware.unp
- %ProgramFiles(x86)%\universal extractor\bin\unp\vise.unp
- %ProgramFiles(x86)%\universal extractor\bin\userdb.txt
- %ProgramFiles(x86)%\universal extractor\bin\withoutver.ini
- %ProgramFiles(x86)%\universal extractor\config.inf
- %ProgramFiles(x86)%\universal extractor\lang\english.ini
- %ProgramFiles(x86)%\universal extractor\lang\italian.ini
- %ProgramFiles(x86)%\universal extractor\uniextract.ini
- %ProgramFiles(x86)%\universal extractor\bin\7z.dll
- %ProgramFiles(x86)%\universal extractor\bin\7z.exe
- %ProgramFiles(x86)%\universal extractor\bin\7z_new\7z.dll
- %ProgramFiles(x86)%\universal extractor\bin\7z_new\7z.exe
- %ProgramFiles(x86)%\universal extractor\bin\7z_old\7z.dll
- %ProgramFiles(x86)%\universal extractor\bin\7z_old\7z.exe
- %ProgramFiles(x86)%\universal extractor\bin\afpiunpack.exe
- %ProgramFiles(x86)%\universal extractor\bin\arc.exe
- %ProgramFiles(x86)%\universal extractor\bin\aspackdie.exe
- %ProgramFiles(x86)%\universal extractor\bin\aspackdie22.exe
- %ProgramFiles(x86)%\universal extractor\bin\balz.exe
- %ProgramFiles(x86)%\universal extractor\bin\cdirip.exe
- %ProgramFiles(x86)%\universal extractor\bin\clit.exe
- %ProgramFiles(x86)%\universal extractor\bin\cmdtotal.exe
- %ProgramFiles(x86)%\universal extractor\bin\daa2iso.exe
- %ProgramFiles(x86)%\universal extractor\bin\exeinfope.exe
- %ProgramFiles(x86)%\universal extractor\bin\expander.exe
- %ProgramFiles(x86)%\universal extractor\bin\ext_detector.dll
- %ProgramFiles(x86)%\universal extractor\bin\e_wise_w.exe
- %ProgramFiles(x86)%\universal extractor\bin\forcelibrary.dll
- %ProgramFiles(x86)%\universal extractor\bin\i3comp.exe
- %ProgramFiles(x86)%\universal extractor\bin\innounp.exe
- %ProgramFiles(x86)%\universal extractor\bin\instexpl.dll
- %ProgramFiles(x86)%\universal extractor\bin\isxunpack.exe
- %ProgramFiles(x86)%\universal extractor\bin\less\lessio.dll
- %ProgramFiles(x86)%\universal extractor\bin\less\lessmsi.core.dll
- %ProgramFiles(x86)%\universal extractor\bin\less\lessmsi.exe
- %ProgramFiles(x86)%\universal extractor\bin\less\libmspackn.dll
- %ProgramFiles(x86)%\universal extractor\bin\less\mspack.dll
- %ProgramFiles(x86)%\universal extractor\bin\less\wix.dll
- %ProgramFiles(x86)%\universal extractor\bin\less\wixcab.dll
- %ProgramFiles(x86)%\universal extractor\bin\lzip.exe
- %ProgramFiles(x86)%\universal extractor\bin\lzop.exe
- %ProgramFiles(x86)%\universal extractor\bin\modules\glib-2.0.dll
- %ProgramFiles(x86)%\universal extractor\bin\modules\gmime.dll
- %ProgramFiles(x86)%\universal extractor\bin\modules\gobject-2.0.dll
- %ProgramFiles(x86)%\universal extractor\bin\modules\libbz2.dll
- %ProgramFiles(x86)%\universal extractor\bin\modules\zlib1.dll
- %ProgramFiles(x86)%\universal extractor\bin\msitran.exe
- %ProgramFiles(x86)%\universal extractor\bin\msix.exe
- %ProgramFiles(x86)%\universal extractor\bin\nbhextract.exe
- %ProgramFiles(x86)%\universal extractor\bin\pea.exe
- %ProgramFiles(x86)%\universal extractor\bin\peid.exe
- %ProgramFiles(x86)%\universal extractor\bin\quad.exe
- %ProgramFiles(x86)%\universal extractor\bin\raiu.exe
- %ProgramFiles(x86)%\universal extractor\bin\sfxsplit.exe
- %ProgramFiles(x86)%\universal extractor\bin\sim_unpacker.exe
- %ProgramFiles(x86)%\universal extractor\bin\stix_w32.exe
- %ProgramFiles(x86)%\universal extractor\bin\stuffit5.engine-5.1.dll
- %ProgramFiles(x86)%\universal extractor\bin\tee.exe
- %ProgramFiles(x86)%\universal extractor\bin\trid.exe
- %ProgramFiles(x86)%\universal extractor\bin\uharc02.exe
- %ProgramFiles(x86)%\universal extractor\bin\uharc04.exe
- %ProgramFiles(x86)%\universal extractor\bin\uif2iso.exe
- %ProgramFiles(x86)%\universal extractor\bin\unace32.exe
- %ProgramFiles(x86)%\universal extractor\bin\unarc.exe
- %ProgramFiles(x86)%\universal extractor\bin\unlzx.exe
- %ProgramFiles(x86)%\universal extractor\bin\unshield.exe
- %ProgramFiles(x86)%\universal extractor\bin\unuharc06.exe
- %ProgramFiles(x86)%\universal extractor\bin\unzip.exe
- %ProgramFiles(x86)%\universal extractor\bin\unzoo.exe
- %ProgramFiles(x86)%\universal extractor\bin\upx.exe
- %ProgramFiles(x86)%\universal extractor\bin\upxunpacker.exe
- %ProgramFiles(x86)%\universal extractor\bin\uudeview.exe
- %ProgramFiles(x86)%\universal extractor\bin\wun.exe
- %ProgramFiles(x86)%\universal extractor\bin\zpaq.exe
- %ProgramFiles(x86)%\universal extractor\setuserfta.exe
- %ProgramFiles(x86)%\universal extractor\uniextract.exe
- %ProgramFiles(x86)%\universal extractor\uninstall.exe
- nul
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\universal extractor\universal extractor.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\universal extractor\disinstalla universal extractor.lnk
Deletes following files that it created itself
- %ProgramFiles(x86)%\universal extractor\setuserfta.exe
- %ProgramFiles(x86)%\universal extractor\config.inf
Miscellaneous
Creates and executes the following
- '%ProgramFiles(x86)%\universal extractor\setuserfta.exe' .pea UniExtract
Executes the following
- '<SYSTEM32>\rundll32.exe' advpack.dll, LaunchINFSection %ProgramFiles(x86)%\Universal Extractor\Config.inf, DefaultInstall,1
- '<SYSTEM32>\cmd.exe' /c ping -n 1 127.0.0.1>nul
- '<SYSTEM32>\ping.exe' -n 1 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c icacls "%ProgramFiles(x86)%\Universal Extractor" /grant "Users:(OI)(CI)F"
- '<SYSTEM32>\icacls.exe' "%ProgramFiles(x86)%\Universal Extractor" /grant "Users:(OI)(CI)F"
- '<SYSTEM32>\rundll32.exe' advpack.dll,DelNodeRunDLL32 %ProgramFiles(x86)%\Universal Extractor\SetUserFTA.exe
- '<SYSTEM32>\rundll32.exe' advpack.dll,LaunchINFSection Config.inf,UniversalExtractor.ShortCut,1
- '<SYSTEM32>\rundll32.exe' advpack.dll, LaunchINFSection %ProgramFiles(x86)%\Universal Extractor\Config.inf, DefaultInstall,1' (with hidden window)
- '%ProgramFiles(x86)%\universal extractor\setuserfta.exe' .pea UniExtract' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ping -n 1 127.0.0.1>nul' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c icacls "%ProgramFiles(x86)%\Universal Extractor" /grant "Users:(OI)(CI)F"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' advpack.dll,DelNodeRunDLL32 %ProgramFiles(x86)%\Universal Extractor\SetUserFTA.exe' (with hidden window)
- '<SYSTEM32>\rundll32.exe' advpack.dll,LaunchINFSection Config.inf,UniversalExtractor.ShortCut,1' (with hidden window)
