Multi-License Discount Quote

Change Region

English
Threat Database Hacktool PUP.DDoS

PUP.DDoS

By CagedTech in Hacktool, Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.DDoS
Signature status: No Signature

Known Samples

MD5: 03b4b9430470d949c01c51a069181917
SHA1: 6013064236582e20bbf2a9925e5ff4c1b5998b17
SHA256: 855FA4A3044444FCC897C56AADC6E87A8B76AC29A512A2B15C51129C83B39E13
File Size: 724.99 KB, 724992 bytes
MD5: 603d8e3b8766832170ae2540e77c7826
SHA1: e0e84e5d560dc739a9039ee3fc4b862762407da2
SHA256: BF982E640B023AA7157F443D34D394ED6CED8F7F1C719406C0DD96363D62F779
File Size: 163.84 KB, 163840 bytes
MD5: 6a909cb788d00b0ef6aaee9c232757fe
SHA1: d05c153de25fa5adc4ce4463b66a4fc0b275245b
SHA256: 37C48DFA2DA00E7BE718CEC4B24CE1427BE9D332137B11D1E389BAE0928169E8
File Size: 217.60 KB, 217600 bytes
MD5: 41605de39b02a48a1466239a69cf3022
SHA1: c1a54dbfe6b4b1aec07d4e80fca0efbca39fcdc7
SHA256: 4D55C6D9371E3689630BB3C3257BABEED4199529CACDE715D2DD78A2AF86BBB3
File Size: 34.30 KB, 34304 bytes
MD5: 5e72c38f9efd1ae92c52ecff5c180710
SHA1: 10cf118c1b6756cc2366a9a391414b71790cd6c3
SHA256: 0CFEE4A9CE9EA2D12AE334F56B96E23E8B9A083A88E7524191A41CAE0794E2F8
File Size: 74.24 KB, 74240 bytes
Show More
MD5: 9ebcc9c1d6ddbd1d760198a1fa3cd57e
SHA1: 09223a11bd671e7eac885ca75ead59aaae2ccb71
SHA256: AF7BE813ED5029D6FF0855ED471271DC630DF3C7CE84A1C1A38EAF44BA701C91
File Size: 77.82 KB, 77824 bytes
MD5: 7aa21fe2708c1e5640574595d7d5a184
SHA1: 060b09903882e6386b671f18e6503f9c1ede27d0
SHA256: 2BAED5E24BC61AD57331131864C7C593973B860FDED0AD1B5E21D1A4F408934E
File Size: 35.84 KB, 35840 bytes
MD5: 101b05b628ee5b2514b9ab1296f14504
SHA1: 3409ade3b138ac3634018afd8ebce9d86682d702
SHA256: 21153D05EC4FACF55BA461B31B4D5E05055C04EF13F38D64D029FAB85DAA2A82
File Size: 40.96 KB, 40960 bytes
MD5: 73a7d701b98c040a80bc24b01b1f0ef5
SHA1: a02b63b55bc49b05f82869c2f293fa41a30076b3
SHA256: BA83EF12A1CE751EB785F759024F90C2DBCFBE0D55FF7166609B14E9AE2A7444
File Size: 66.05 KB, 66048 bytes
MD5: 35cc3632e6afc84b1a98b2ea66921aa3
SHA1: 24fd73e4f4a15a77a3deb2b57139bf86464286d4
SHA256: 672AEEFA49412170869C0F2466772DB89309624D1E4152435800D76746A6603C
File Size: 41.98 KB, 41984 bytes
MD5: c6b16d7a0cb8c3ea890647f605925f06
SHA1: fdd4a38cdc8d2bc25859807dd60140811d6db297
SHA256: 7E2CCE8BC283D96A31E2B157879AC7C374FEA545CB012CD1E62B17EF3F9B3D37
File Size: 74.24 KB, 74240 bytes
MD5: 74bfe778df19770545b61c96c744cbc0
SHA1: 77168e1a855a8cb5be5ecdb47930fb038e60b381
SHA256: 1DFDBB6572D09A9A051316F297029F2BC130EDB2697386C419335BBF3488D354
File Size: 31.74 KB, 31744 bytes
MD5: b79753306212b40f75fb7e0ed80bce0d
SHA1: adabd5729dec9bc8c999952453c9220967c74df5
SHA256: A2124562A547EF32F6C710194D94C9D8D6C25EA6A181B88B70771949E5527267
File Size: 55.30 KB, 55296 bytes
MD5: b16f67fecbc0aa8cd10487f3ea946740
SHA1: 18e78c1b3237f7699e628b28a6e3b97221a1c5ac
SHA256: 49B4B3C4AA71E6DD853745556C737EAFE12A72BB5487A6E95838748A5C3C5271
File Size: 46.59 KB, 46592 bytes
MD5: cff3f466dca5ecaaed51f0633bd65149
SHA1: 52a88e80d33275346bb38a7a83108695522e23a7
SHA256: CB0FDD38DAEBC0D122E8FE7255DC8125C5A00B6CFB0DF63882FB1340C81D7ED0
File Size: 62.98 KB, 62976 bytes
MD5: 72801126dc7e2baed024ea69cad1961e
SHA1: 5ac6f2bc64bc0ab6f04c4291137ec28e57a570a9
SHA256: BC876483914693CE24C963725736566FD9BA722A9042687CF5FC6A8D869D3065
File Size: 40.96 KB, 40960 bytes
MD5: 7657309b64c46df4b970d0d2f0153d52
SHA1: c56e65ab3a68a1b1c1f11867ab1b640bfa9e970d
SHA256: 1B8E58033F111DFFD28E5CF5B0F086E03B4C12127A1CBB3CB7F0108E8CF901B7
File Size: 1.68 MB, 1676288 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 11.0.26100.1150
  • 6.2.19041.546
  • 2.8.471.9
  • 1.0.0.0
Comments ISB (I'm so bored) is a network-stress testing utility for Windows.
Company Name
  • byte[size] Software
  • Microsoft Corporation
  • Oracle Corporation
File Description
  • COM Surrogate
  • IE 7.0 Unattended Install Utility
  • ISB (Im So Bored)
  • Java Update Scheduler
File Version
  • 11.0.26100.1150
  • 6.2.19041.546
  • 2.8.471.9
  • 1.0.0.0
Internal Name
  • 5045.exe
  • dllhost.exe
  • edgewebauth.exe
  • erererer.exe
  • f8e1b68248848fbbd74402ad9129ffb4.exe
  • FClient.exe
  • Host Process for Windows Services.exe
  • ISB (Im So Bored).dll
  • jusched.exe
  • MasonClient.exe
Show More
  • MicrosoftUpdate.exe
  • Realtek HD Audeo Universal Service.exe
  • SaQirWorLd.exe
  • taskhost.exe
  • WinSysTray.exe
  • XWormClient.exe
Legal Copyright
  • Copyright 2023 byte[size] Software
  • Copyright © 2025
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • 5045.exe
  • dllhost.exe
  • edgewebauth.exe
  • erererer.exe
  • f8e1b68248848fbbd74402ad9129ffb4.exe
  • FClient.exe
  • Host Process for Windows Services.exe
  • ISB (Im So Bored).dll
  • jusched.exe
  • MasonClient.exe
Show More
  • MicrosoftUpdate.exe
  • Realtek HD Audeo Universal Service.exe
  • SaQirWorLd.exe
  • taskhost.exe
  • WinSysTray.exe
  • XWormClient.exe
Product Name
  • Internet Explorer
  • ISB (Im So Bored)
  • Java Platform SE Auto Updater
  • Microsoft® Windows® Operating System
Product Version
  • 11.0.26100.1150
  • 6.2.19041.546
  • 2.8.471.9
  • 1.0.0.0

File Traits

  • .NET
  • Installer Version
  • NewLateBinding
  • No Version Info
  • ntdll
  • RijndaelManaged
  • Run
  • x86

Block Information

Total Blocks: 62
Potentially Malicious Blocks: 33
Whitelisted Blocks: 23
Unknown Blocks: 6

Visual Map

0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x ? x x x x 0 x x x x 0 0 x ? x x x x x x ? 0 0 0 0 ? x x x x x x x x x x x x x x ? ? x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Injector.DFF
  • Injector.GPB
  • Injector.GSD
  • MSIL.Agent.KA
  • MSIL.Krypt.UJB

Files Modified

File Attributes
c:\programdata\iashost.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\masonkit.exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\24fd73e4f4a15a77a3deb2b57139bf86464286d4_0000041984 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\24fd73e4f4a15a77a3deb2b57139bf86464286d4_0000041984 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\24fd73e4f4a15a77a3deb2b57139bf86464286d4_0000041984 Synchronize,Write Attributes
c:\users\user\appdata\roaming\microsoftupdate.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
Show More
HKLM\software\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::24fd73e4f4a15a77a3deb2b57139bf86464286d4_0000041984 C:\Users\Eazakgdu\AppData\Roaming\24fd73e4f4a15a77a3deb2b57139bf86464286d4_0000041984 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
Show More
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetThreadExecutionState
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair

4 additional items are not displayed above.

User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Process Manipulation Evasion
  • ReadProcessMemory

Trending

Most Viewed

Loading...