PUP.Bunndle

Analysis Report

General information

Family Name: PUP.Bunndle
Signature status: No Signature

Known Samples

MD5: ba17d0cc69904a6b646b37ef25f9d4f5
SHA1: 36b6ce0d5ecb7c575497e2622c55ff12ff1bebaa
File Size: 884.74 KB, 884736 bytes
MD5: aa8c09fa4c6def89b5aed683af3b93ab
SHA1: 8dd45114a188a05576604ca2270df37774459daf
SHA256: E835B298A0C8D9AEB5266C1B624DAF9830D452B1552C41E22FB93128ED38DDC2
File Size: 478.21 KB, 478208 bytes
MD5: 81cd9ea7952432d1669efa4cd787f0da
SHA1: 37235cd4859057623d1c499e233e620f051273bc
SHA256: 7FE88B3E3F91351A03302F5486182DEFE704520F77B673EC958BE0561DD9D17B
File Size: 278.53 KB, 278528 bytes
MD5: 5fe19279f02a073bf440165b78b0236f
SHA1: 2b2bd01a198c9ce417eace10fcb1db79373f2908
SHA256: 3C0491309464FB286A629ED0865038FAF1CF5937059AB76CC10ADE414C35F043
File Size: 1.64 MB, 1638400 bytes
MD5: 2b70eae30211421faa6dae490fe2e339
SHA1: 0784c423b04a289f3d3b92443b3b1671c410bcb8
SHA256: 22B697DDF86C6B972D9C560E8547E72E5153A8D3AF70ECAB809E55DBAFE127AD
File Size: 432.50 KB, 432500 bytes
MD5: 57863935f09aa016d9782e460615cc0e
SHA1: a3a128f8eefe2798440fec963fb8dc96d9857bc7
SHA256: AC9DD065FEC161339EE617FBB91405ED3F804CC5CEF062BFE1C438BB500610B2
File Size: 683.76 KB, 683757 bytes
MD5: bf88c2d3b833fbe1b61d85737aefb499
SHA1: f2757b4ed08db87d08bad031024cd878e8694c74
SHA256: 41198A19E40CF89E50E2AD79AB63E4B62E1B872B5F838EAB1CA050FB4C7DC9A0
File Size: 25.85 KB, 25848 bytes
MD5: c5b3e7acdf9f1065b3f5e4087b010b64
SHA1: 94c53368c73badbe671ffb2f4df14dd1646e4336
SHA256: 4EEB8F35409E7BEDFA8015DAF13D589F137247BB8DCA1BBFCB58A3FE06A55811
File Size: 623.63 KB, 623631 bytes
MD5: 7c4c06b1394f2c43a5291f2f1ad9129f
SHA1: a9aa92e4409aff4ecf8bf26f23e95eabb0586dfe
SHA256: 3407D97102D8C8950F888BD15B310FBEF9686414A81B8E2623225CAC06DE832A
File Size: 227.71 KB, 227712 bytes
MD5: 001602e2ca5003b8c2f329fc2e593640
SHA1: 01585f5310def675f24cdedcd035c860fa070143
SHA256: 44E154ECD6F2F7BEFC88B0F8D7101D94E47C046B33E5BF3736602C1B05AF3092
File Size: 7.36 MB, 7356004 bytes
MD5: 47b3608c246d40a135e89c4bb82e07fb
SHA1: fd81b3a67e67fc46cdacaec520329747b4b5670d
SHA256: FFF4B1206EE7B88A622D7BD3A5C8ECC281A6A7E0372F8C01BBFCB44CBFD5AA35
File Size: 7.68 MB, 7676416 bytes
MD5: 11f4dcfba6d1d6032c6833ce0dbb9c29
SHA1: 2ca98643512e671a1dff688b342e26b5c8eb1676
SHA256: 3F054E89CF0D07907F1A2B0DC63C1BA36FFDC563F8669C9D9EC3EF1DACF0FEB3
File Size: 344.06 KB, 344064 bytes
MD5: f35f382cdbcaff3bbb48474705ebbbb6
SHA1: 9ed41b78316554c6bf511d86de7e22184c143563
SHA256: 75FCA4C36F1AA07D8145A40BEE6302CBB939FA6ED984EBA9A1F601BAD7D057AD
File Size: 54.60 KB, 54600 bytes
MD5: a19fdd7184c23bd7460423e0bea25579
SHA1: 1a7411d50e24729f0867feca833b50f09a41aeca
SHA256: C6FF9F135247994D02825B4EF3A5B8D9A864229943CE834E331290922BC8E3D2
File Size: 1.60 MB, 1602958 bytes
MD5: 64c7284e012662bfb8b1c3e7a23d2b13
SHA1: 77a22884f915dbdf6e2c835025453034317313fe
SHA256: 366239EA67D582798F84E8FC42E03C5603F3A01C1EA193DB5C97B7727CE7FA68
File Size: 165.89 KB, 165888 bytes
MD5: e202e822c618e4b5dbd1d89a355aa3b7
SHA1: 51f0a5f2b84a2f39072f5dc38ec5a8750aa9ae71
SHA256: C6B111656127AA4E27D3ABCDD48BF04270E8FF88AB7C5287A5E299F59224B3D0
File Size: 6.96 MB, 6956270 bytes
MD5: 5f9d6542ce574c96ca1253277b9ea102
SHA1: cfad7322bce6d4a378d7a12dd086141ae0373e2b
SHA256: 809F70A7365970CE1E998646309B4F71FAB076244D0DE4215752E7C56C8EA659
File Size: 327.68 KB, 327680 bytes
MD5: 68ac731a814bf285c59ee5ca3ed9e93e
SHA1: fb0aaeb807515a6d668e3097b3cab16315788e3e
SHA256: 3574FA3C862240CBF6A29AF26AE4B8EFBFAB59329D4AB20481F5E23B468FE35F
File Size: 3.34 MB, 3337872 bytes
MD5: 45a9ebd8a8caa1f3fee0d71f99fd3945
SHA1: 3b988b249b155ca5ed1bf9f35b59224c47040404
SHA256: DF3CD8D3AC9B52EFDC7D2A6196E476D5BF77B5C30A2C2B581A3174C05EBE6291
File Size: 512.57 KB, 512568 bytes

Windows Portable Executable Attributes (union over the samples listed above; contradictory pairs such as ".NET application" and "Native application" come from different files)

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Assembly Version 3.0.0.4435
Comments
  • Este software está protegido por leis de proteção dos direitos autorais e outras leis e tratados de propriedade intelectual. (Portuguese: "This software is protected by copyright protection laws and other intellectual property laws and treaties.")
  • GOM Player Setup File (2012-12-12 16:07:16)
  • Sistema Actualizador (Spanish: "Updater System")
  • This installation was built with Inno Setup.
Company Name
  • Dessis Sistemas de Gestão Empresarial
  • Gretech Corporation
  • Lavasoft
  • QL002
  • Soporte Real
  • spgsoft.com
  • zxt2007.com
File Description
  • 3GP Cutter Setup
  • GOMPlayerGlobal Setup File
  • GOM Player Setup File
  • Inverted Image Setup
  • K-Lite Codec Pack Setup
  • Quick Launch
  • Web Companion Installer
  • ZXT2007 Video Converter Setup
  • Êxitho Report (Win32)
File Version
  • 13.900.0.1080
  • 8.9.0.1201
  • 8.9.0.371
  • 7.0.2417.4248
  • 6.1.0.0
  • 4.6.1966.3854
  • 4.3.1917.3743
  • 4.0.1780.3335
  • 3.10.5.25469
  • 2.3.9
  • 2.1.0.0
  • 2.1
  • 1.00.1572
  • 1.00
  • 1.0.0.0
  • 1.0
Internal Name
  • 7zSNoAdmin.sfx
  • actualizar
  • DessisReport.exe
  • Installer.exe
  • OfferInstaller.exe
  • TJprojMain
Legal Copyright
  • © Lavasoft Limited. All Rights Reserved.
  • Copyright(C) 2003-2012
  • Copyright (c) 2010 spgsoft.com
  • Copyright 1995 - 2019 - Dessis Sistemas
  • Copyright 2010-2015 zxt2007.com.
  • Copyright 2013-2015 ZXT2007.com.
  • Copyright © 2017
  • Copyright © Adaware 2021
  • Olman Jiménez Ramírez
Original Filename
  • actualizar.exe
  • Installer.exe
  • OfferInstaller.exe
  • QuickLaunch
  • TJprojMain.exe
Private Build RTM
Product Name
  • 3GP Cutter
  • Actualizador (Spanish: "Updater")
  • ERP Êxitho
  • GOM Player
  • GOMPlayerGlobal
  • Inverted Image
  • K-Lite Codec Pack
  • Project1
  • QuickLaunch
  • Web Companion Installer
  • ZXT2007 Video Converter
Product Version
  • 13.900.0.1080
  • 8.9.0.1201
  • 8.9.0.371
  • 7.0.2417.4248
  • 4.6.1966.3854
  • 4.3.1917.3743
  • 4.0.1780.3335
  • 3.10.5.25469
  • 2.3.9
  • 2.1.47.5133
  • 2.1.0.0
  • 1.00.1572
  • 1.00
  • 1.0.17.4278
  • 1.0.0.0
  • 1.0

Digital Signatures

Signer | Root | Status
Lavasoft Software Canada | DigiCert Assured ID Code Signing CA-1 | Self Signed
7270356 Canada Inc. | Entrust Root Certification Authority - G2 | Hash Mismatch
Lavasoft Software Canada Inc. | Entrust Root Certification Authority - G2 | Root Not Trusted
Lavasoft Software Canada | GlobalSign CodeSigning CA - G3 | Self Signed

None of the four chains verified on the analysis host, which is why the summary above reports no signature. Hash Mismatch is the decisive verdict: the Authenticode digest inside the signature no longer matches the file, so the binary was modified after signing or the signature block was grafted on from another file, and the signer name says nothing about who produced this file. Self Signed and Root Not Trusted mean the chain could not be anchored in the host's trust store; that can reflect an incomplete root store on the sandbox as much as a bad certificate, so re-verify those files on a host with current roots before drawing conclusions from the signer.
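The "security information" attribute in the PE attributes section and the verdicts in this table both hinge on one structure in the file: data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), which points at a WIN_CERTIFICATE wrapping a PKCS#7 SignedData blob. The following is an added example, not code from the original report or from any vendor, that locates and sanity-checks that block without validating the signature. make_sample_pe() and the stub PKCS#7 bytes it embeds are constructed for the example and are not taken from any of the listed samples.

```python
"""Locate the Authenticode signature block in a PE file.

Added example, not part of the original report.  It parses only what is
needed: the IMAGE_DIRECTORY_ENTRY_SECURITY data directory and the
WIN_CERTIFICATE header it points at.  It does not validate the signature;
verdicts such as 'Hash Mismatch' or 'Root Not Trusted' require hashing the
image under the Authenticode rules and building the certificate chain.
make_sample_pe() builds a header-only image constructed for this example.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
WIN_CERT_REVISION_2_0 = 0x0200


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table, or None when absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # PE signature + COFF file header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dirs = opt + (96 if magic == 0x10B else 112)  # data directories start here (PE32 / PE32+)
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (offset, size) if offset and size else None


def authenticode_block(pe: bytes):
    """Return the WIN_CERTIFICATE header fields and embedded PKCS#7 bytes, or None if unsigned.

    Unlike every other data directory, the security entry holds a raw file
    offset rather than an RVA, because the block lives after the last section."""
    entry = security_directory(pe)
    if entry is None:
        return None
    offset, size = entry
    if offset + 8 > len(pe):
        raise ValueError("security directory points outside the file")
    length, revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    if length > size or offset + length > len(pe):
        raise ValueError("WIN_CERTIFICATE length exceeds the file")
    return {"length": length, "revision": revision, "type": cert_type,
            "pkcs7": pe[offset + 8:offset + length]}


def make_sample_pe(signed: bool, pkcs7: bytes = b"\x30\x06\x06\x04stub") -> bytes:
    """Header-only PE32 image (not loadable), constructed for this example.

    Layout: MZ stub, PE signature at 0x40, COFF header, PE32 optional header
    with 16 empty data directories; when signed, a WIN_CERTIFICATE at 0x200."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)   # i386, 224-byte optional header
    opt_fixed = struct.pack("<H", 0x10B) + b"\0" * 94                # magic + fixed fields
    dirs = [(0, 0)] * 16
    tail = b""
    if signed:
        length = 8 + len(pkcs7)
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x200, length)
        tail = struct.pack("<IHH", length, WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7
    image = dos + b"PE\0\0" + coff + opt_fixed + b"".join(struct.pack("<II", *d) for d in dirs)
    return image.ljust(0x200, b"\0") + tail


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_pe(True)
    print(authenticode_block(data))
```

Run it with a path argument to inspect a real file; with no argument it inspects the constructed sample. A None result corresponds to the "File doesn't have security information" attribute above; a present block only tells you a signature was attached, never that it verifies.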

File Traits

  • .NET
  • 2+ executable sections
  • 7-zip (In Overlay)
  • 7-zip Installer
  • dll
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • vb6
  • VirtualQueryEx
  • x86

Block Information

Similar Families

  • Zegost.AQ

Files Modified

File | Access rights
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs02a70acc Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0e418301 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs175.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\2026-03-29-08-17-07_installer_pid=3992.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\2026-03-29-08-17-07_installer_pid=3992.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\app.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\app.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\bundleconfig.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\bundleconfig.json Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\de\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\de\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\de\microsoft.win32.taskscheduler.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\de\microsoft.win32.taskscheduler.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\devlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\devlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\devlib.services.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\devlib.services.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\dynactsbll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\dynactsbll.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\en Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\en\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\en\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\es\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\es\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\es\microsoft.win32.taskscheduler.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\es\microsoft.win32.taskscheduler.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\fr\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\fr\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\fr\microsoft.win32.taskscheduler.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\fr\microsoft.win32.taskscheduler.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\genericsetup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\genericsetup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\genericsetup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\genericsetup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\genericsetup.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\genericsetup.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\h2osciter.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\h2osciter.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\htmlagilitypack.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\htmlagilitypack.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\installer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\it Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\it\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\it\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\it\microsoft.win32.taskscheduler.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\it\microsoft.win32.taskscheduler.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\mydownloader.core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\mydownloader.core.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\mydownloader.extension.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\mydownloader.extension.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\newtonsoft.json.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\newtonsoft.json.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\ninject.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\ninject.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\offerservicebll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\offerservicebll.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\offerservicesdk.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\offerservicesdk.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\pt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\pt\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\pt\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\quicklaunch.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\quicklaunch.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\downloadpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\downloadpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\finishpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\finishpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\bg-welcome.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\bg-welcome.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\bg.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\bg.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\check.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\check.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\close-hover.svg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\close-hover.svg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\close-normal.svg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\close-normal.svg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\favicon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\favicon.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\loader.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\loader.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\minimize-hover.svg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\minimize-hover.svg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\minimize-normal.svg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\minimize-normal.svg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\warning48x48.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\images\warning48x48.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\installingpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\installingpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\offerpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\offerpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\style.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\config.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\config.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\eventhandler.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\eventhandler.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\log.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\log.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\translateoffertemplate.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\translateoffertemplate.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\viewstateloader.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\tis\viewstateloader.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\welcomepage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\resources\welcomepage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\ru\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\ru\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\sciter32.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\sciter32.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\shared.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\shared.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\zh-cn Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\zh-cn\microsoft.win32.taskscheduler.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4d971dd5\zh-cn\microsoft.win32.taskscheduler.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs607f.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs7e41.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\de-de Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\de-de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\de-de\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\de-de\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\en-us Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\en-us Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\en-us\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\en-us\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\es-es Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\es-es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\es-es\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\es-es\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\fr-ca Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\fr-ca Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\fr-ca\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\fr-ca\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\icsharpcode.sharpziplib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\icsharpcode.sharpziplib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\it-it Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\it-it Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\it-it\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\it-it\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ja-jp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ja-jp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ja-jp\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ja-jp\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\newtonsoft.json.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\newtonsoft.json.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\pt-br Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\pt-br Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\pt-br\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\pt-br\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ru-ru Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ru-ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ru-ru\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\ru-ru\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\tr-tr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\tr-tr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\tr-tr\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\tr-tr\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\webcompanion-installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\webcompanion-installer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\webcompanion-installer.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\webcompanion-installer.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\zh-chs Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\zh-chs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\zh-chs\webcompanion-installer.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs821a1db9\zh-chs\webcompanion-installer.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\de-de Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\de-de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\de-de\webcompanioninstaller.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\de-de\webcompanioninstaller.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\en-us Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\en-us Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\en-us\webcompanioninstaller.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\en-us\webcompanioninstaller.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\es-es Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\es-es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\es-es\webcompanioninstaller.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\es-es\webcompanioninstaller.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\fr-ca Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\fr-ca Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\fr-ca\webcompanioninstaller.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\fr-ca\webcompanioninstaller.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\icsharpcode.sharpziplib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\icsharpcode.sharpziplib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\it-it Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\it-it Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\it-it\webcompanioninstaller.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\it-it\webcompanioninstaller.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0dac517\ja-jp Generic Write,Read Attributes

48 additional files are not displayed above.

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\systemcertificates\root\certificates\be36a4562fb2ee05dbb3d32323adf445084ed656::blob | (binary certificate blob, not reproduced; the only readable string in it is "Thawte Timestamping CA") | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | (empty) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | (empty) | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | (empty) | RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data | (binary blob, not reproduced) | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob | (binary certificate blob, not reproduced) | RegNtPreCreateKey

The two SystemCertificates entries are the ones worth checking. HKLM\...\SystemCertificates\Root and \AuthRoot are the machine-wide trust stores: the key name is the certificate's SHA-1 thumbprint and the Blob value carries the DER certificate plus cached properties, so an attacker-controlled root written here would let any later binary or TLS endpoint chain to it. In this trace the first blob is identifiable as the Thawte Timestamping CA, a Microsoft-distributed root, and AuthRoot is the store Windows' automatic root update fills when CryptoAPI builds a chain, so the activity is consistent with signature verification during installation rather than a rogue root; confirm that by checking each thumbprint against the Microsoft trusted-root list and against the certificate actually stored in the blob. The Internet Settings cache and ZoneMap keys are created by any process that initialises WinINet and are consistent with the installer fetching content over HTTP; they are not a persistence mechanism.
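To decide whether a SystemCertificates write is benign, first check that the key name (the thumbprint) really is the SHA-1 of the certificate stored in the Blob value, then compare that thumbprint with the Microsoft trusted-root list. The parser below is an added example, not the report's or any vendor's code. The record layout it assumes is stated in its docstring; SAMPLE_DER and SAMPLE_BLOB are constructed stand-ins, because the report does not reproduce the real blob bytes.

```python
"""Verify a CryptoAPI registry certificate entry: the key name under
SystemCertificates\\<store>\\Certificates is the certificate's SHA-1 thumbprint,
and the Blob value is a serialized property list that contains the DER cert.

Added example, not part of the original report.  The record layout assumed
here is the one CryptoAPI uses for serialized certificate contexts:
repeated  propid:u32  reserved:u32  length:u32  data[length] , little endian,
with property 32 (CERT_CERT_PROP_ID) holding the DER certificate and
property 3 (CERT_SHA1_HASH_PROP_ID) its cached thumbprint.  build_blob()
and the SAMPLE_* values are constructed for the example; no blob from the
report is decoded here because the report does not show its bytes.
"""
import hashlib
import struct

CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32
RECORD_HEADER = struct.Struct("<III")


def parse_cert_blob(blob: bytes) -> dict:
    """Split a Blob value into {property_id: data}, refusing truncated records."""
    props, off = {}, 0
    while off < len(blob):
        if off + RECORD_HEADER.size > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, _reserved, length = RECORD_HEADER.unpack_from(blob, off)
        off += RECORD_HEADER.size
        if off + length > len(blob):
            raise ValueError(f"property {prop_id} claims {length} bytes past end of blob")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def thumbprint_of(blob: bytes) -> str:
    """SHA-1 of the DER certificate: the value Windows uses as the registry key name."""
    cert = parse_cert_blob(blob).get(CERT_CERT_PROP_ID)
    if cert is None:
        raise ValueError("blob carries no certificate (property 32)")
    return hashlib.sha1(cert).hexdigest()


def verify_registry_cert_entry(key_name: str, blob: bytes) -> bool:
    """True only if key name, cached hash property and certificate bytes all agree.

    A mismatch means the entry was not written by CryptoAPI from that
    certificate, or was edited afterwards, and deserves a closer look."""
    props = parse_cert_blob(blob)
    actual = thumbprint_of(blob)
    cached = props.get(CERT_SHA1_HASH_PROP_ID)
    if cached is not None and cached.hex() != actual:
        return False
    return key_name.strip().lower() == actual


def build_blob(der_cert: bytes, cached_hash=None) -> bytes:
    """Serialize a certificate in the same record format (used for the sample below).
    cached_hash lets a test plant a wrong SHA-1 property on purpose."""
    if cached_hash is None:
        cached_hash = hashlib.sha1(der_cert).digest()

    def record(prop_id, data):
        return RECORD_HEADER.pack(prop_id, 1, len(data)) + data

    return record(CERT_SHA1_HASH_PROP_ID, cached_hash) + record(CERT_CERT_PROP_ID, der_cert)


# Constructed sample: DER-looking bytes standing in for a certificate, not a real one.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_BLOB = build_blob(SAMPLE_DER)
SAMPLE_THUMBPRINT = hashlib.sha1(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    # On a live Windows host the value is read with winreg, e.g.
    #   winreg.QueryValueEx(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
    #       r"SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\<thumbprint>"), "Blob")
    print(SAMPLE_THUMBPRINT, verify_registry_cert_entry(SAMPLE_THUMBPRINT, SAMPLE_BLOB))
```

Feed verify_registry_cert_entry() the key name from the trace and the Blob bytes read from the registry; a True result only says the entry is internally consistent, so the thumbprint still has to be matched against a trusted-root list to rule out a self-installed root.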

Windows API Usage

Category | API
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetSecurityObject
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey

21 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8dd45114a188a05576604ca2270df37774459daf_0000478208.,LiQMAxHB
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 1896
.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=21184387389 --version=13.900.0.1080
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 840
"C:\Users\Pzakjqgb\AppData\Local\Temp\is-TSJVJ.tmp\1a7411d50e24729f0867feca833b50f09a41aeca_0001602958.tmp" /SL5="$80364,1175137,139776,c:\users\user\downloads\1a7411d50e24729f0867feca833b50f09a41aeca_0001602958"
.\installer.exe
.\WebCompanionInstaller.exe --partner=CH230702 --nonadmin --thankyou --version=7.0.2417.4248 --prod
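Read together, the Files Modified and Shell Command Execution sections show the staging pattern: a 7-Zip SFX unpacks into %TEMP%\7zS<hex>, drops the offer components (bundleconfig.json, offerpage.html, offerservice*.dll) beside installer.exe, an Inno Setup loader re-executes its extracted second stage with /SL5=, and rundll32 is handed an extension-less module from Downloads with an export name after the comma. The dw20.exe lines are the .NET 2.0 error-reporting shim, which means one of the installers crashed in the sandbox. The triage script below is an added example, not part of the report and not a vendor signature; its regular expressions, component list and finding texts are heuristics chosen here, and the sample events are constructed from the listings above plus one benign rundll32 line as a control.

```python
"""Triage of the process command lines and dropped-file paths in this report.

Added example, not part of the original report and not a vendor signature.
The sample events below are constructed from the report's Shell Command
Execution and Files Modified sections; the path patterns, the list of
'offer' component names and the finding texts are heuristics chosen here.
"""
import re

TOKEN = re.compile(r'"[^"]*"|\S+')
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.I)
SFX_STAGING = re.compile(r"\\temp\\7zs[0-9a-f]+(\\|$)", re.I)
# Component names the report shows the 7-Zip SFX stage dropping (heuristic list).
OFFER_COMPONENTS = {"bundleconfig.json", "offerpage.html", "offerservicebll.dll",
                    "offerservicesdk.dll", "offerinstaller.exe"}


def split_cmdline(cmdline: str) -> list:
    """Tokenise a Windows command line: quoted spans stay whole, quotes are stripped."""
    return [t.strip('"') for t in TOKEN.findall(cmdline)]


def triage_command(cmdline: str) -> list:
    """Return the findings for one process-creation command line."""
    parts = split_cmdline(cmdline)
    if not parts:
        return []
    image = parts[0].rsplit("\\", 1)[-1].lower()
    findings = []
    if image == "rundll32.exe" and len(parts) > 1:
        # rundll32 <module>,<export>: flag a module loaded from a user-writable path
        # or one without a .dll extension (the report shows a trailing '.' instead).
        module, _, export = parts[1].partition(",")
        if USER_WRITABLE.search(module):
            findings.append(f"rundll32 loads module from user-writable path ({module})")
        if not module.lower().endswith(".dll"):
            findings.append(f"rundll32 module lacks .dll extension; export {export or '<none>'}")
    if any(p.startswith("/SL5=") for p in parts):
        findings.append("Inno Setup second-stage loader (/SL5=)")
    if any(p.startswith("--partner=") for p in parts):
        findings.append("partner/campaign-tagged offer installer")
    if image == "dw20.exe":
        findings.append(".NET error-reporting shim: installer crashed in the sandbox")
    return findings


def triage_path(path: str) -> list:
    """Return the findings for one file path from a file-write event."""
    low = path.lower()
    findings = []
    if SFX_STAGING.search(low):
        findings.append("written into a 7-Zip SFX staging directory")
    if low.rsplit("\\", 1)[-1] in OFFER_COMPONENTS:
        findings.append("bundled-offer component")
    if low.startswith("\\device\\namedpipe\\"):
        findings.append("named pipe opened for write")
    return findings


def triage(commands, paths) -> dict:
    """Run both triagers over event lists; return only the events that produced findings."""
    hits = {"commands": {}, "paths": {}}
    for cmd in commands:
        found = triage_command(cmd)
        if found:
            hits["commands"][cmd] = found
    for path in paths:
        found = triage_path(path)
        if found:
            hits["paths"][path] = found
    return hits


# Constructed sample events: taken from the report's listings, plus one benign control line.
SAMPLE_COMMANDS = [
    r"C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8dd45114a188a05576604ca2270df37774459daf_0000478208.,LiQMAxHB",
    r"dw20.exe -x -s 1896",
    r'"C:\Users\Pzakjqgb\AppData\Local\Temp\is-TSJVJ.tmp\1a7411d50e24729f0867feca833b50f09a41aeca_0001602958.tmp" /SL5="$80364,1175137,139776,c:\users\user\downloads\1a7411d50e24729f0867feca833b50f09a41aeca_0001602958"',
    r".\WebCompanionInstaller.exe --partner=CH230702 --nonadmin --thankyou --version=7.0.2417.4248 --prod",
    r"C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL",  # benign control
]
SAMPLE_PATHS = [
    r"\device\namedpipe\gmdasllogger",
    r"c:\users\user\appdata\local\temp\7zs4d971dd5\bundleconfig.json",
    r"c:\users\user\appdata\local\temp\7zs4d971dd5\offerservicesdk.dll",
    r"c:\users\user\appdata\local\temp\7zs4d971dd5\resources\style.css",
    r"c:\program files\common files\system\symsrv.dll",
]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_COMMANDS, SAMPLE_PATHS).items():
        for event, why in hits.items():
            print(kind, "|", event, "|", "; ".join(why))
```

Run as a script it prints the hits for the constructed events. In production the two triagers would be fed from Sysmon event 1 (CommandLine) and event 11 (TargetFilename) respectively; the rundll32 rule is the one worth keeping as a standing detection, since a module without a .dll extension loaded from a user-writable directory is rarely legitimate.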
