PUP.AdjProg.A
Analysis Report
General information
| Family Name: | PUP.AdjProg.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | This installation was built with Inno Setup. |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | Copyright (C) SEIKO EPSON CORPORATION 2002-2007. All rights reserved. |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- 00 section
- 2+ executable sections
- HighEntropy
- themida
- themida section variant
- x86
- Zprotect
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 3 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 3 |
| Unknown Blocks: | 0 |
Visual Map
0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- AdjProg.A
- Babar.AE
- BadJoke.LMG
- Barys.M
- Barys.O
- Bestafera.A
- BitWall.A
- Dinwod.E
- Kryptik.PK
- NjRat.E
- Quasar.A
- Xtreme.B
- Zegost.AK
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\is-0r46j.tmp\b93ffe92e62828647fdf60426b464acc21f42ee9_0004883106.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bta7s.tmp\2aca2d24754158250572b6fcc126d29d3f5326aa_0003734046.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-npms9.tmp\e5eb3b7234e09d2a4bffd3485a536816d49cbf43_0005060718.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-s9fgn.tmp\5515e3f2c5f61d67269a0843cac3e240f8e87ce2_0004947710.tmp | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Process Shell Execute | |
| User Data Access | |
| Other Suspicious | |
| Anti Debug | |
| Process Manipulation Evasion | |
| Syscall Use | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
"C:\Users\Wyjcffvm\AppData\Local\Temp\is-BTA7S.tmp\2aca2d24754158250572b6fcc126d29d3f5326aa_0003734046.tmp" /SL5="$30144,3361528,107520,c:\users\user\downloads\2aca2d24754158250572b6fcc126d29d3f5326aa_0003734046"
"C:\Users\Hwbsorqq\AppData\Local\Temp\is-0R46J.tmp\b93ffe92e62828647fdf60426b464acc21f42ee9_0004883106.tmp" /SL5="$402BC,4058251,829952,c:\users\user\downloads\b93ffe92e62828647fdf60426b464acc21f42ee9_0004883106"
"C:\Users\Tulcnhyn\AppData\Local\Temp\is-NPMS9.tmp\e5eb3b7234e09d2a4bffd3485a536816d49cbf43_0005060718.tmp" /SL5="$D022A,4235964,829952,c:\users\user\downloads\e5eb3b7234e09d2a4bffd3485a536816d49cbf43_0005060718"
"C:\Users\Tczafypz\AppData\Local\Temp\is-S9FGN.tmp\5515e3f2c5f61d67269a0843cac3e240f8e87ce2_0004947710.tmp" /SL5="$A02E8,4122954,829952,c:\users\user\downloads\5515e3f2c5f61d67269a0843cac3e240f8e87ce2_0004947710"