Multi-License Discount Quote

Change Region

English
Threat Database Hacktool PUP.BruteForce

PUP.BruteForce

By CagedTech in Hacktool, Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.BruteForce
Signature status: No Signature

Known Samples

MD5: 541f7e9a915df33c1d3b6a4f65973772
SHA1: 365acd23b964f0b44568a06e35b5a355fefa29b8
File Size: 3.70 MB, 3695104 bytes
MD5: ee624f2c369582653ecc6580ace6eb77
SHA1: c0fe7304f033380beded065988f10c90b87c4271
File Size: 1.97 MB, 1966592 bytes
MD5: 73638f19c7072491fa14aa0a2a7d293e
SHA1: 76e9732c04eb893612ad55cadeaf388b3b48bd65
File Size: 1.91 MB, 1907712 bytes
MD5: a5a59fb147270b17eb75b2c6ef420e5f
SHA1: 145b979988c1e1b9c19b63ff6650ca351f59eeac
SHA256: 9096D4EE46BBCCF0FD4AD33566E774FB7C756FE28CCDFC71A8FDCC619EA89976
File Size: 3.13 MB, 3131392 bytes
MD5: 40a3f6a0d7f1f382b09bd82338a1c976
SHA1: 011314e9971a515f24c1109557f5b8e1f9799576
SHA256: 0893962E1174ED914E2753602D43F2B8D64109C7B74D0E2CC23E6B82CBEC10F1
File Size: 107.52 KB, 107520 bytes
Show More
MD5: d45c0b34d95d321db5230b5b364a4dc0
SHA1: 7bc26166eba7c33e56cc811085eb71b0ab078c52
SHA256: 21BB7E27EAD4EDDE7D94290BDCF2F2EA7B00BBF15EFDBE9FBC010565D2DC86BC
File Size: 8.12 MB, 8116224 bytes
MD5: 12dbd0173f1523a99548d7f05fdd7921
SHA1: 2e6d9834145eda0032b464ad4152791fa6fa0abc
SHA256: 909A2C8B5B9977B016FCFA8D5C987540FAFDDFC38B889CF8EE867A500D5CC163
File Size: 181.76 KB, 181760 bytes
MD5: 684c16559c118e4007eb72b4beca3a54
SHA1: f9ff84c7bf9c67fe392611bb86a6ede2885a51c8
SHA256: 4654FA24C346084FB9525AEDE4C1F6738C0B3F9E410264010278C6D237AB94D0
File Size: 245.50 KB, 245504 bytes
MD5: d93c09a79b27873d5c3e249cc4625443
SHA1: d15f0d737075ef86708f8ab8c118306928c182ed
SHA256: 6C748305E8B2AF6329E9F7A83B7B43DC4D33BF6E9F14E25E312EB31E28CBF2C4
File Size: 2.90 MB, 2904304 bytes
MD5: 3656aaa52383467a4f0aa5103619164e
SHA1: 3e2ae1d604da45fe333c70360323c3c328a13750
SHA256: 51F8E0941EFB35054E39B6953774A61E130A111715343CA4090E95DD33FFB2D7
File Size: 33.79 KB, 33792 bytes
MD5: d7cfddf818be0208b1818a5c0ebac95f
SHA1: 429b477a08ec6f01e55ef1840d60de1fd32cace3
SHA256: C69D673C552917DEFA0FC2510FD432CCDE197DED1C3E660742377698CE560470
File Size: 7.98 MB, 7979008 bytes
MD5: 30d1e4610d36ff5bce0296ba6b9d6ade
SHA1: 79d2f7fa1347b9783e53a6a38f7d97c661caadca
SHA256: E873C1986C9BA2F236A8CAD24AEDAFE6080D81AC2D952620FD70620A48C3C562
File Size: 180.74 KB, 180736 bytes
MD5: 70d9b50549fe8e921da6c48b8a5183b7
SHA1: 23835894774e296027c2bce7a3020d7eace3f110
SHA256: FBD59CF92BB5511B40CF64141FFEBD7DCE088CBA030B7119465A673020BDFD4D
File Size: 117.76 KB, 117760 bytes
MD5: f0698d54d30e5cecab6d4a4c1ed2f571
SHA1: 60ac8668de84f9a862bdc7260eaf817d3c17a061
SHA256: C084406CF72543A845F77EAB5B64AD995E6C93BFD7E1327FCAF5710C87828A35
File Size: 200.70 KB, 200704 bytes
MD5: 116948fa4610beb6766595a4e76345db
SHA1: 21085539e15a23c04264a4761cfb09a4da939555
SHA256: 8A582762ADEA7C673B8E74A77CFCAA39FAA466B7866FEF2A5F94BBBB1F1BAE24
File Size: 147.46 KB, 147456 bytes
MD5: 8293098b8dc38a42e8bb31f4394c94c7
SHA1: 6a01c7003ec0cd4eec71fbbd6ba0bd5bcac62391
SHA256: B76A8EBA2D887616B635F54944EE3C6AF1CC351DAEB9470F42DDB5980A619CE9
File Size: 11.78 KB, 11776 bytes
MD5: 34ae7d945df7dbda0c42031c3d1444e3
SHA1: 6ee932c4485f822c7aa98bd631b707d4b5e35faa
SHA256: 3CAB2E97E722F29862ABED478E910E95EF7D7784AF542A2252C047C60F098A10
File Size: 9.16 MB, 9163236 bytes
MD5: 6634a687a49656fd3c3c56aeeec7132a
SHA1: 7fcc0b7664e162996e18d7346456a19ffe446e21
SHA256: DB5CDAC3AFFD34EC3FD1F5C98434DCB61A9AF867E63E35A3128F4DC58D4DD3C6
File Size: 174.59 KB, 174592 bytes
MD5: 77a4d7fc5360c614ac34bba6a5a97461
SHA1: 41abf501542be4f66a898d61a9b510b1cae646c2
SHA256: 9C966410AA0BE9F5E7383CB36CCE73E7F7D9B8A106E570C83FFE01CA27E6957D
File Size: 1.94 MB, 1944673 bytes
MD5: 89e29605c4971b5355cfbdf9a92c8d08
SHA1: 5108d70d92b7843b83e8303e5c30f2ad01a8e200
SHA256: E2BBF067587D87CC8EA73642EE3391F2926B06D98E9D66B0056A74F86ABF34CB
File Size: 5.72 MB, 5722140 bytes
MD5: 70c4b5c697b56d81dd07553186c80449
SHA1: 6dfc73d23e5629920f8e83e70e9693b4931d16c2
SHA256: 12709FBECA0746DECF4050950F1A6AD87E4256B20357F199B4E35F06476BAEC1
File Size: 823.32 KB, 823316 bytes
MD5: 80a2c3675f15d288d5bf1250ec28f823
SHA1: 1be6882ba974980a56704c4dc3eb9193a6dc63a5
SHA256: AACD7729D1B4FDF0158EE2CE6DE1617F03D52EAAC1351DC7B01075490D6DD945
File Size: 156.67 KB, 156672 bytes
MD5: 544acd8fa683384a4a76b3a423cc23f0
SHA1: 2b4cbe1f22cebbac8a5f55b8abb7431c617a843d
SHA256: 4C38B3F883E06EA3F10679724836E06D83BB62B07F7625A83700C0A9DC306CC8
File Size: 175.10 KB, 175104 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
Show More
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Assembly Version
  • 26.1.9381.19676
  • 3.1.0.137
  • 2.2.3.0
  • 1.7.8.0
  • 1.2.1.0
  • 1.0.0.0
  • 0.3.31.1
  • 0.2.4.0
Comments
  • .NET heap analyzer
  • https://github.com/DestroyerDarkNess/RenderSpy
  • Power Leads Pro X
  • Provides Native functions used by Reloaded Mod Loader's Main Library that are not Process related. Contains mainly functions related to window management.
  • This installation was built with Inno Setup.
  • __xRisky__
Company Name
  • Arkasm
  • BetterServer
  • Certicamara S.A
  • com.example
  • Destructive Creations
  • Egezenn
  • Jarkko Turkulainen
  • Power Leads
  • S4Lsalsoft
  • Sewer56
Show More
  • __xRisky__
  • ИП Майоров М.В.
File Description
  • Arkasm
  • BetterServer
  • datalib
  • Dota2-Minify
  • External
  • GarbageMan
  • Hatred Setup
  • Instalador del Componente de firma de Certicámara. Signature Client.
  • libReloaded-Native-121
  • MaherAcademy
Show More
  • MailAcess Checker by xRisky
  • Power Leads Pro X
  • RDP Recognizer
  • RenderSpy
  • SatLib
  • SilverBulletCLI
  • Third-party tool for Heredis
File Version
  • 26.1.9381.19676
  • 3.8.1.2
  • 3.1.0.137
  • 2.3.21
  • 2.2.3.0
  • 1.13
  • 1.7.8.0
  • 1.2.1.0
  • 1.0.0.0
  • 1.0.0
Show More
  • 0.3.31.1
  • 0.2.4.0
Internal Name
  • Arkasm.dll
  • BetterServer.dll
  • datalib.dll
  • External.dll
  • GarbageMan.dll
  • Hackedis.exe
  • libReloaded-Native-121.dll
  • MaherAcademy
  • MailAcess Checker by xRisky.exe
  • Minify
Show More
  • nord - copia.exe
  • PowerLeadsPro.exe
  • RDP Recognizer.exe
  • RenderSpy.dll
  • SatLib.dll
  • Sclient Installer
Legal Copyright
  • Copyright (C) 2017 Certicamara S.A
  • Copyright (C) 2023 com.example. All rights reserved.
  • Copyright (c) Egezenn
  • Copyright © 2019
  • Copyright © 2020
  • Copyright © 2021
  • Copyright © 2023
  • Copyright © 2024
  • Copyright © 2025 by PouetPouet
  • Copyright © Power Leads Pro X3 all rights reserved 2014
Show More
  • R.G. Origins, 2015
  • ИП Майоров М.В.
Legal Trademarks
  • __xRisky__
  • ИП Майоров М.В.
Original File Name Sclient Installer.exe
Original Filename
  • Arkasm.dll
  • BetterServer.dll
  • datalib.dll
  • External.dll
  • GarbageMan.dll
  • Hackedis.exe
  • libReloaded-Native-121.dll
  • MaherAcademy.exe
  • MailAcess Checker by xRisky.exe
  • Minify.exe
Show More
  • nord - copia.exe
  • PowerLeadsPro.exe
  • RDP Recognizer.exe
  • RenderSpy.dll
  • SatLib.dll
Product Name
  • Arkasm
  • BetterServer
  • datalib
  • External
  • GarbageMan
  • Hackedis
  • Hatred
  • libReloaded-Native-121
  • MaherAcademy
  • MailAcess Checker by xRisky
Show More
  • Minify
  • Penetration test tool
  • Power Leads Pro X3
  • RenderSpy
  • SatLib
  • Signature Client
  • SilverBulletCLI
  • Сервер СКУД "СТРАЖ"
Product Version
  • 26.1.9381.19676
  • 3.8.1.1
  • 3.1.0.137
  • 2.3.21
  • 2.2.3.0
  • 1.13
  • 1.7.8.0
  • 1.2.1
  • 1.0.0.0
  • 1.0.0+ac0b8cb6657a45c0bdcfaf4a5272eae78d6b75e0
Show More
  • 1.0.0+459b1b188201973f5da04f084afe4758b84d9f63
  • 1.0.0
  • 0.2.4

Digital Signatures

Signer Root Status
MaherWin_2024-1-6_13-10-14 MaherWin_2024-1-6_13-10-14 Self Signed
Anteco Systems SL Microsoft Identity Verification Root Certificate Authority 2020 Root Not Trusted

File Traits

  • .NET
  • 00 section
  • 2+ executable sections
  • AdvInst
  • big overlay
  • dll
  • fptable
  • HighEntropy
  • Inno
  • InnoSetup Installer
Show More
  • Installer Manifest
  • Installer Version
  • NewLateBinding
  • No Version Info
  • ntdll
  • Py-installer
  • WriteProcessMemory
  • x64
  • x86
  • zlib (In Overlay)
  • zlib overlay

Block Information

Total Blocks: 380
Potentially Malicious Blocks: 199
Whitelisted Blocks: 133
Unknown Blocks: 48

Visual Map

? x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x ? ? ? 0 x x x 0 0 0 0 x 0 0 0 x 0 x x x x x x 0 0 0 0 0 0 x 0 x x x x x x ? 0 ? ? 0 ? x x x x x x x 0 ? x ? 0 x ? x x ? ? x ? x x ? x ? 0 ? x 0 0 0 ? x x ? x x x x ? ? 0 ? ? 0 0 0 x 0 x ? ? 0 ? ? x ? ? ? x x ? ? 0 0 x x x x 0 x x x ? ? ? ? 0 0 0 0 0 0 x ? x x x x x x ? x x 0 x x x x x x x x x x ? x x 0 x x 0 x x x x 0 0 0 0 x x x x 0 0 0 0 0 x x x x x x x x x 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x x 0 0 x x x 0 0 x 0 0 x x x 0 0 x x x 0 0 x 0 x x 0 x x x 0 x 0 x 0 0 0 0 0 0 x x 0 0 0 x 0 0 x ? ? ? ? ? x x x x x x x x ? x x x x x x x x 0 x 0 ? x 0 x x ? 0 0 ? 0 0 0 0 0 0 x x 0 x 0 0 x 0 0 x 0 0 x 0 0 0 x 0 0 0 x 0 0 x 0 0 0 0 x 0 0 0 x 0 0 x 0 0 x 0 0 x 0 0 x 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\tempdet Synchronize,Write Attributes
c:\tempdet\__tmp_rar_sfx_access_check_3104671 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tempdet\atualizador.exe Generic Write,Read Attributes
c:\tempdet\atualizador.exe Synchronize,Write Attributes
c:\tempdet\cab.exe Generic Write,Read Attributes
c:\tempdet\cab.exe Synchronize,Write Attributes
c:\tempdet\winrar.exe Generic Write,Read Attributes
c:\tempdet\winrar.exe Synchronize,Write Attributes
c:\users\public\microsoftedgeupdates.zip Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\public\microsoftedgeupdates\ps.vbs Generic Write,Read Attributes
Show More
c:\users\public\microsoftedgeupdates\pss.bat Generic Write,Read Attributes
c:\users\public\microsoftedgeupdates\s.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aa06f0f1-832c-43f5-a57f-0741ec35be24\agiledotnetrt64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1851t.tmp\6dfc73d23e5629920f8e83e70e9693b4931d16c2_0000823316.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-l0slu.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-l0slu.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 鲓ȁ龡^獖} RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
Show More
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Keyboard Access
  • GetKeyState
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Other Suspicious
  • AdjustTokenPrivileges

Shell Command Execution

(NULL) c:\TEMPDET\Atualizador.exe
"C:\Users\Rwgkfwkd\AppData\Local\Temp\is-1851T.tmp\6dfc73d23e5629920f8e83e70e9693b4931d16c2_0000823316.tmp" /SL5="$40306,304640,304640,c:\users\user\downloads\6dfc73d23e5629920f8e83e70e9693b4931d16c2_0000823316"

Trending

Most Viewed

Loading...