PUP.Cain

Analysis Report

General information

Family Name: PUP.Cain
Signature status: No Signature

Known Samples

MD5: 384747b8cded1a5db76b9247223921d9
SHA1: c0323a0bc229110a56f88158eb5f3808e3bb9d54
SHA256: 6CFEDCA590E049B2E418EC49F1BA4CBD090D14A9D7B5D0430A83393C86E70869
File Size: 8.24 MB, 8244936 bytes
MD5: 0f18ac7ff40a6a289fc578f0bc190b0c
SHA1: 71d506069100e1e5dc24d005aa763de71aab07a8
SHA256: F1441F9C84A08D7863D1CC87396EB2F73EA27AC2C6C01E2120E087852C9BF720
File Size: 7.72 MB, 7724541 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name              Value
Company Name      x
File Description  Cain & Abel v4.9.56 Installation
Legal Copyright   x

File Traits

  • big overlay
  • Installer Version
  • WriteProcessMemory
  • x64
  • x86

Block Information

Similar Families

  • NetBus.A

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2144656 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel.dll.sig Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel.dll.sig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel.exe.sig Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel.exe.sig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel64.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel64.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel64.dll.sig Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel64.dll.sig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel64.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel64.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\abel64.exe.sig Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\abel64.exe.sig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ca_usermanual.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\ca_usermanual.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cain.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\cain.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cain.exe.sig Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\cain.exe.sig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\charset.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\charset.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\driver Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\driver Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\driver\winpcap_4_1_1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\driver\winpcap_4_1_1.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\install.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\install.log Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\lame_enc.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\lame_enc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\oui.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\oui.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\packet.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\packet.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\pstorec.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\pstorec.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\whatsnew.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\whatsnew.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\winrtgen Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\winrtgen Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\winrtgen\charset.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\winrtgen\charset.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\winrtgen\winrtgen.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\winrtgen\winrtgen.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\winrtgen\winrtgen.exe.sig Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\winrtgen\winrtgen.exe.sig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\wordlists Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\wordlists Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\wordlists\wordlist.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\wordlists\wordlist.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\wpcap.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\wpcap.dll Synchronize,Write Attributes

Registry Modifications

Key::Value                                                                            Data  API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass         RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname        RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet       RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect          RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Herzqoqa\AppData\Local\Temp\RarSFX0\Cain.exe
