Adware.Vitruvian.A

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 26,604
Threat Level: 20 % (Normal)
Infected Computers: 24
First Seen: January 12, 2023
Last Seen: January 22, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.Vitruvian.A
Signature status: Self Signed

Known Samples

MD5: 565359c69eaf59feac843cca7ee6d82f
SHA1: bff6fce49082c4f2cef0a42ebe9b357b927ee66b
SHA256: 22018343EF827216FC87B4EA1ACC91ECB5DDB6EBB3FF12497ED87FDEAB79FE0A
File Size: 1.19 MB, 1188040 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: PhraseProfessor
File Description: PP Setup
File Version: 1.10.0.24
Internal Name: PhraseProfessor-setup.exe
Legal Copyright: (c) 2015 PhraseProfessor
Original Filename: PhraseProfessor-setup.exe
Product Name: PP
Product Version: 1.10.0.24

Digital Signatures

Signer: Phrase Professor
Root: GlobalSign CodeSigning CA - G2
Status: Self Signed

File Traits

  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7b.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7b.tmp\nsisplugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7b.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7b.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbd6a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\vitruvian-installer-processes-v0002 Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\phraseprofessor_1.10.0.24::nid BFEB5820-9643-42AD-A79F-071DFF4D8E64 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
