PUP.Aller

Analysis Report

General information

Family Name: PUP.Aller
Signature status: Hash Mismatch

Known Samples

MD5: 6c43a8be26b6a05cc9546b971ef68a3e
SHA1: 399b5b1adad6a863bc66c629b47cf696f4f9bef9
SHA256: 11B351CEFA6F026D2D2F1C47CCDFA3DE48240782EFED980B481547DDA0CCF7E6
File Size: 202.06 KB, 202056 bytes
MD5: 7ab93f9b0fb4b7d2b4fc6dedc431324a
SHA1: 77a90d78398676497089cc4024d199a3c3bc21f7
SHA256: 18199A008242EE90EB63E8801E4A4E8B0879DEB25EBB78CB8EE1B218584FBB83
File Size: 311.94 KB, 311935 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer | Root | Status
Aller Media e.K. | COMODO RSA Extended Validation Code Signing CA | Self Signed
Aller Media e.K. | Certum Extended Validation Code Signing 2021 CA | Hash Mismatch

Block Information

Similar Families

  • Agent.LA
  • Agent.MH
  • Agent.MI
  • Agent.MU
  • Parite.F
  • Rozena.H

Files Modified

File | Attributes
c:\program files\common files\system\symsrv.dll | Generic Write, Read Attributes
c:\program files\common files\system\symsrv.dll.000 | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a7651b04e14.tmp | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nszdb35.tmp | Synchronize, Write Attributes
c:\users\user\appdata\local\temp\nszdb35.tmp\nsisdl.dll | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nszdb35.tmp\nsisdl.dll | Synchronize, Write Attributes
c:\users\user\appdata\local\vlc plus player (x86) updater\setup_x86.txt | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\6768f512-bc4b-484b-834a-7e49eb4a3fbd.tmp\ | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | (empty) | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Network Winsock
  • closesocket
  • connect
  • inet_addr
  • socket
Keyboard Access
  • GetKeyState
