PUP.AdvancedSystemRepair

Threat Scorecard

Popularity Rank: 602
Threat Level: 10 % (Normal)
Infected Computers: 4,749
First Seen: February 11, 2025
Last Seen: April 23, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove PUP.AdvancedSystemRepair

File System Details

PUP.AdvancedSystemRepair may create the following file(s):
# File Name MD5 Detections
1. Advanced-System-Repair-Pro-RepairTool.VH.exe ac34742253dde2adfcb06f0b2612ac3a 521
2. Advanced-System-Repair-Pro-RepairTool.E9.exe 1bf71859a90cf7b91b349f29584491be 331
3. Advanced-System-Repair-Pro-RepairTool.E4.exe f4d0eea8ec0a2171ad416314d39bc8c2 328
4. Advanced-System-Repair-Pro-RepairTool.S.exe d2c94f5989310d0ce83ce0b900ebbfe7 317
5. ~asrcp23420.exe dc01587fb026cefb7c3af98069dcb1f6 314
6. Advanced-System-Repair-Pro-RepairTool.E8.exe 7bfaf01292d28b4d38fbe36705616f49 306
7. Advanced-System-Repair-Pro-RepairTool.A.exe b03864c50bd2e2c426f0f694cd2e9090 304
8. Advanced-System-Repair-Pro-RepairTool.L.exe 0b1780fa5081265a5765d558f607d027 303
9. Advanced-System-Repair-Pro-RepairTool.IM.exe 09386009837a29a52e0f6ecf936b592a 303
10. Advanced-System-Repair-Pro-RepairTool.B.exe 10f91baa7d9d81dfc14276f06b962130 303
11. Advanced-System-Repair-Pro-RepairTool.9.exe 5e33c355adeb42619a62d16c1cc1b5d1 303

Registry Details

PUP.AdvancedSystemRepair may create the following registry entry or registry entries:
File name without path
advanced system repair pro.lnk
SYSTEM\CurrentControlSet\services\asrdmon
System\CurrentControlSet\Services\asrrealtimesrv

Directories

PUP.AdvancedSystemRepair may create the following directory or directories:

%APPDATA%\microsoft\windows\start menu\programs\advanced system repair pro

Analysis Report

General information

Family Name: PUP.AdvancedSystemRepair
Signature status: Self Signed

Known Samples

MD5: 9d8e6f92881aa599091f3c45a7752d4b
SHA1: 3710eb9cd997e1861fa85e4dbf8c8424f8fa321e
SHA256: 000F7AC08DD42ECD8CE310A2A22C61CE21EA86C8F1C86CD5410AEC99412FA655
File Size: 1.37 MB, 1367192 bytes
MD5: dda746e58dc614774a2037c176f14c45
SHA1: cbe7b0ffb322d2fbe30a7238f96a049015ce3a7d
SHA256: B2E96BFE2DE5A1C1A7301641BA961543C78294CCFA28A25F2D7CB67E51ABF4CE
File Size: 1.11 MB, 1113344 bytes
MD5: 0157f06e14aa48de28d382d1e6bec354
SHA1: ef291e2617348e2ba4a017f140780f6c63045c90
SHA256: EC5553903D50FA85CC5356E8323326DB73F9523051BDB08C4C49E35C98E6CC1A
File Size: 27.80 KB, 27800 bytes
MD5: 71e5d1197a8754e9a803c804d14ab161
SHA1: 8cf08c1ec8797e061d139148f853169fcdbafaf2
SHA256: 3D19D9AABA5698FE444D71E225DF31A079350146C2AF5F10A61C103B8F8D2CC6
File Size: 1.11 MB, 1110072 bytes
MD5: a06c22399477af0768091e573674ce74
SHA1: 6f60af9e9bcffca0714fb5393ea92400b2282eac
SHA256: E0D05289E8233FF5BD03FF5C638FA5F36D635F8F9584F0386BF2C4780FB24160
File Size: 1.09 MB, 1087608 bytes
Show More
MD5: a84e7ca56cdf850fafc4d35ec7152ae5
SHA1: 18a8097b5adb500adf02f8373a79199bd9a85dfd
SHA256: C864CC1B1CE1A69BAEBA2043D979A955D2EB308DEA83838FD412B1AC4253A5AE
File Size: 26.42 KB, 26424 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 1.9.2.1
  • 1.8.9.1
Comments InfExtractor Module
Company Name
  • Advanced System Repair, Inc.
  • Advanced System Repair Inc.
  • Advanced System Repair Inc.
File Description
  • Advanced System Repair Pro Service
  • Advanced System Repair Pro Service
  • InfExtractor Module
File Version
  • 2.0.1.0
  • 2.0.0.10
  • 1.9.5.3
  • 1.9.3.0
  • 1.9.2.1
  • 1.8.9.1
Internal Name
  • Advanced System Repair Pro Service
  • Advanced System Repair Pro Service
  • InfExtractor.dll
Legal Copyright
  • (c)Advanced System Repair, Inc. All rights reserved.
  • Advanced System Repair, Inc.
  • Advanced System Repair, Inc.
Original Filename
  • Advanced System Repair Pro
  • Advanced System Repair Pro
  • InfExtractor.dll
Product Name
  • Advanced System Repair Pro
  • Advanced System Repair Pro
Product Version
  • 2.0.1.0
  • 2.0.0.10
  • 1.9.5.3
  • 1.9.3.0
  • 1.9.2.1
  • 1.8.9.1

Digital Signatures

Signer Root Status
Advanced System Repair, Inc. DigiCert Assured ID Code Signing CA-1 Self Signed
Advanced System Repair, Inc. DigiCert High Assurance EV Root CA Root Not Trusted
Advanced System Repair, Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
Advanced System Repair Inc DigiCert Trusted Root G4 Root Not Trusted

Block Information

Total Blocks: 32
Potentially Malicious Blocks: 0
Whitelisted Blocks: 10
Unknown Blocks: 22

Visual Map

0 0 0 ? ? ? 0 0 ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AV-Killer.A

Files Modified

File Attributes
c:\programdata\tsr7settings\av\srv.txt Generic Write,Read Attributes

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
Service Control
  • StartServiceCtrlDispatcher
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
Show More
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Trending

Most Viewed

Loading...