PUP.Amonetize.FA

Analysis Report

General information

Family Name: PUP.Amonetize.FA
Signature status: No Signature

Known Samples

MD5: 52339aa779013558d710c31a579d0e47
SHA1: 3e7bfb16a0d14e8e4f49a71b60c022144d921416
SHA256: 724AA85638BFB55996D75E8954DAE1B653295757B7ADE681E44E5B1A45E4AB53
File Size: 292.46 KB, 292456 bytes
MD5: 96476ec84305ebfd585f92e974ef4c54
SHA1: 0f4c3b99ed6a948c0c58ba542119315b1ff3ccc4
SHA256: C1B5811FB0961D5C7E5FF09B57616F964AACDE0F08D4E749F0F6E1BB822C2EBD
File Size: 332.80 KB, 332800 bytes
MD5: ee3accc4b5533ad9ff3bdcc2f53d900b
SHA1: 2f482391a9af0def9c099b58b97e7bc41cc4abe2
SHA256: 8E7B0ADBC54A9F955C7102F9E56A8A2F755466AF4A9076E66CC43C0DE29F5569
File Size: 292.46 KB, 292457 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Media View
File Version
  • 1.1.5.89
  • 1.1
Internal Name setup.exe
Original Filename setup.exe
Product Name
  • Media View alpha 1882
  • Media View alpha 6542
Product Version
  • 1.1.5.89
  • 1.1

File Traits

  • dll
  • HighEntropy
  • Installer Version
  • x86

Block Information

Similar Families

  • Amonetize.FA

Files Modified

File Attributes
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Nlxqqdxf\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Nlxqqdxf\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Nlxqqdxf\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKLM\software\classes\xmbsb.inst.1:: Inst Class RegNtPreCreateKey
HKLM\software\classes\xmbsb.inst.1\clsid:: {442524ff-0290-45e2-ada3-6e56d9e5a698} RegNtPreCreateKey
HKLM\software\classes\xmbsb.inst:: Inst Class RegNtPreCreateKey
HKLM\software\classes\xmbsb.inst\curver:: XmBsb.Inst.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}:: Inst Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}\progid:: XmBsb.Inst.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}\versionindependentprogid:: XmBsb.Inst RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}\localserver32:: "c:\users\user\downloads\0f4c3b99ed6a948c0c58ba542119315b1ff3ccc4_0000332800" RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}\localserver32::serverexecutable c:\users\user\downloads\0f4c3b99ed6a948c0c58ba542119315b1ff3ccc4_0000332800 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}\typelib:: {5f027e71-6f1b-4c22-aab3-adc5215633c0} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{442524ff-0290-45e2-ada3-6e56d9e5a698}\version:: 1.0 RegNtPreCreateKey
HKLM\software\classes\typelib\{5f027e71-6f1b-4c22-aab3-adc5215633c0}\1.0:: InstallerLib RegNtPreCreateKey
HKLM\software\classes\typelib\{5f027e71-6f1b-4c22-aab3-adc5215633c0}\1.0\flags:: 0 RegNtPreCreateKey
HKLM\software\classes\typelib\{5f027e71-6f1b-4c22-aab3-adc5215633c0}\1.0\0\win32:: c:\users\user\downloads\0f4c3b99ed6a948c0c58ba542119315b1ff3ccc4_0000332800 RegNtPreCreateKey
HKLM\software\classes\typelib\{5f027e71-6f1b-4c22-aab3-adc5215633c0}\1.0\helpdir:: c:\users\user\downloads RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}:: IBoot RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}\typelib:: {5F027E71-6F1B-4C22-AAB3-ADC5215633C0} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}:: IBoot RegNtPreCreateKey
HKLM\software\classes\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}\typelib:: {5F027E71-6F1B-4C22-AAB3-ADC5215633C0} RegNtPreCreateKey
HKLM\software\classes\interface\{07773ac4-dd2f-405d-9ddc-7e723dd8a3b1}\typelib::version 1.0 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
Network Winhttp
  • WinHttpOpen
User Data Access
  • GetComputerName
Network Info Queried
  • GetAdaptersAddresses

Shell Command Execution

"C:\Users\Nlxqqdxf\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Ogyzmwmm\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
