PUP.DefenderControl
Analysis Report
General information
| Family Name: | PUP.DefenderControl |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.

| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| dc269372ad4251e05b9c9535a0272a6a | cfb65be0a44d465266c9314b0431a2bb5d5aa1f0 | (not listed) | 331.78 KB (331776 bytes) |
| 0af1b065c0b82e18467b444a45038f38 | 1ab536379e1506c2c0d7ed61f7380fcd250eccae | (not listed) | 459.12 KB (459120 bytes) |
| 81ba7c4c5a0484a130eb4532e5e7aac4 | 8302ee6d00209521133a74474b1f03dcc9e3abf8 | 2AF71EBF2797E79D581CA3C5EFD6706BDB5B502ADDF0F2162CBAB267CC156369 | 596.41 KB (596415 bytes) |
| fa28d91118b80e12b30a1bd771a331b7 | 79888bd4a1d7ec1794641c31cc7e6d0f37a35dbc | 10551DCA97A15E44E654AACCF5C8A82B36243B6D7283BD7CA82C29FB41752029 | 919.08 KB (919077 bytes) |
| c945ce723f62b267e8de0c9ca482510d | 4cfbe4f760c774e319c3a84bbe3f5698463c6ddd | 1DBDB00F1C1C38AFB97F819FE86DE8080B39B6FF3332401C18942B8CCCB3C3DB | 596.40 KB (596403 bytes) |
| 52392f73af1678190106546bfca5dd3a | c65f0e333e9886f53616a414ac249440d8b450c0 | BDC9355E0045E77408AFF12E0E83DA5B695E18043E6755F9B6920C386B4693DA | 678.96 KB (678964 bytes) |
| 3fa8060a8fee27a695ea9bd005c706f3 | 9eb56ba22df0324104936f68ef9ffd97bd3d7bc4 | B5A26B42FD53BD2A5AB3D2326498F287E5890CDC3022692108E8AC060DF92989 | 596.43 KB (596433 bytes) |
| 523573d781e26fabdd89d29a091692df | 29bbe83aadd49e8f10c334c349af100e22f7550c | A0CA793CD172A5E703F721DD96CAA9CC07B29D18EAE7C90F2EB450E350D998AD | 669.84 KB (669841 bytes) |
| b6adff385952d0749d7b6551fb61d2ad | 0f86356516f4e0701e08e8ad3d190dae77596b9f | DE7D38DF7D51CCA8F6D4A2056EC5AECD5BC180544DECF95837E582169307CA75 | 596.44 KB (596438 bytes) |
| e24d98f78db7cd5481fdd161cd806308 | ad443a8169ce72d2c909348b6d891956769f0ee5 | 08AFFF39418A57A89B111D0459A94F4CCD413B80DE2830CF7CEED8524214CDE0 | 595.05 KB (595047 bytes) |
| 79d5c81b413bc2c52c459dd0de7d3b27 | a3f4c8d0cff3aee37b0c6150e8e7990507914631 | 09EDA8797C33558C81336FD1E578F6E370A21C97E9BBE6D6975D118772FE12C4 | 596.36 KB (596360 bytes) |
| 1a3e5023bd55b2d7a591ff8d92d595c1 | b2bf30ad5a56f2a738294176227a2b0f48e1734a | 7FD235B300307E574A4DAAD51F9AD25DBA259DBC0C909746515512DDD588EFFD | 739.08 KB (739077 bytes) |
| cd1e26dd3de9cab5f6d06e8469ffb210 | 69c55fbae19969eaa049190c4196077a86241d78 | D9E33D95F5455D059AE9A4B4EF8D4FECA3A38D3E0B538AA761F2626BB12E26E1 | 596.42 KB (596422 bytes) |
| 36dc2542fe05ad804854c37565557515 | 467d30aac752c16a1ad57312aa35ec577a339f1d | 2FCBB406FED10C2E39D2AB7F644404A529F380462E3CFAF767014CEF8080EB77 | 596.40 KB (596397 bytes) |
| 61312ac8dc489f59ddb40835f9e7f69f | e9fe35a49a50178974714d5910d8ae110ee2bac1 | 9EF5F9928457D956FBAE146C7CACEBACD781EA6786933C351517E62CFBD849FB | 3.13 MB (3131073 bytes) |
| 02519a3cd25385a79d68925abe9c4479 | 716b2e6a4c72f857338b8e04bd4926158ebed990 | 1816F73D33C142EED7E87BE5E6C8623195A16106E08DE625817607574BAB5442 | 994.03 KB (994035 bytes) |
| f6399dc3f272221fe016c6d98ad9104a | 3d4a42012aad395337ce163357ed89db12169bc2 | F094A16045392AB7BEC3F80E62DC1B2170BEDB2ED28D5E23BFC02B8CBD650EE1 | 591.74 KB (591744 bytes) |
| 21e58032b6f40e20b49f6d7b42ebb263 | dbe9659598b524103a22e4958a73eab7699ba753 | EA41C3E94179DC1D513EADDF9CB444459F39BB06EA4891770A7EC3C9508FEC9F | 678.69 KB (678687 bytes) |
| e4df0318e4ac9096440bc5ae6c7b0067 | 2483da3d2a120ed14ad52d6d70aaba6ca8b66ba5 | 4DD19A0347C9430F5ADF267897745D677D92E290031B5CB2A89A703D33D0C156 | 669.89 KB (669888 bytes) |
| c9d7a62c35a74f9822147512502a6a65 | 2a059f57c47f78a927c10503935023d77b2af0e7 | E4E0323D19C11D9DEBAFFA99F2F0B014EC97E9386A55325DB88251970E59A804 | 596.32 KB (596321 bytes) |
| a2b3dc85b087741813b7822fb917d818 | e9dd3350617bf9fae38fbb72e6abae7526e13adc | E4DB4B8B69951EDEAC9177C7B9F60D919FA542349330ABE86F848D65DBD6C462 | 738.90 KB (738898 bytes) |
| 2230ad0f231eea32903245453791830a | 3562055775f6fa978f3171aa511bc5e5929318ce | BC0A1F084FADBE90C4D46A3B1C2A60CF1678595190F3B13FB37474C91F7C141D | 738.96 KB (738960 bytes) |
| 18d36d98914b3a405e16e848dd69ba3d | f97c41ab195990b534cdfc28ff3990655dae7d72 | 7C052069E8829F191243C82E34A605F92B6C34A63EE7442D7BF7C97EBA1ECCEF | 738.90 KB (738905 bytes) |
| 785ac31ed47b60164a74cadb60a07cea | 396a5d076f0adbacdc1f2d811b2bbbb20accecaf | D6B1A6974ABCBBB0AF6C62ED37358C30454F05FDF5F9AB29ED46A8F6991EBC3C | 669.80 KB (669797 bytes) |
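The hash table above is only useful if it can be matched against files quickly and safely. The following is an added example, not EnigmaSoft code: a small triage helper that uses the file size as a cheap pre-filter, normalises the mixed-case digests published here, and trusts SHA256 for a match wherever the page lists one, falling back to MD5 plus SHA1 only for the rows that carry nothing stronger. KNOWN_SAMPLES transcribes three rows from the table to keep the listing short; the file that is actually hashed is a constructed byte string, so it matches none of the published rows.

```python
"""Triage a file against the Known Samples table on this page.

Added example (not EnigmaSoft code). KNOWN_SAMPLES transcribes three rows
from the table above. The only data hashed below is a constructed byte
string, which is why the positive case adds its own row and the page rows
match nothing.
"""
import hashlib
from typing import Optional, Tuple

# (md5, sha1, sha256 or None where the page lists none, size in bytes)
Sample = Tuple[str, str, Optional[str], int]

KNOWN_SAMPLES = [
    ("dc269372ad4251e05b9c9535a0272a6a",
     "cfb65be0a44d465266c9314b0431a2bb5d5aa1f0", None, 331776),
    ("81ba7c4c5a0484a130eb4532e5e7aac4",
     "8302ee6d00209521133a74474b1f03dcc9e3abf8",
     "2AF71EBF2797E79D581CA3C5EFD6706BDB5B502ADDF0F2162CBAB267CC156369", 596415),
    ("61312ac8dc489f59ddb40835f9e7f69f",
     "e9fe35a49a50178974714d5910d8ae110ee2bac1",
     "9EF5F9928457D956FBAE146C7CACEBACD781EA6786933C351517E62CFBD849FB", 3131073),
]

ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict:
    """All three digests of an in-memory blob, lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as digests() but streams the file, so large samples are not read whole."""
    hashes = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def sample_entry(data: bytes) -> Sample:
    """Build a table row from bytes (used for the constructed positive case)."""
    d = digests(data)
    return (d["md5"], d["sha1"], d["sha256"].upper(), len(data))


def match_sample(data: bytes, samples=KNOWN_SAMPLES) -> Optional[Sample]:
    """Return the matching table row, or None.

    Size is a cheap pre-filter: a file of a different length cannot match,
    so nothing is hashed unless at least one row has the same size. Where a
    row lists a SHA256 it is the only hash trusted; MD5 and SHA1 both have
    practical collision attacks and are accepted only for rows without it.
    """
    candidates = [s for s in samples if s[3] == len(data)]
    if not candidates:
        return None
    d = digests(data)
    for row in candidates:
        md5, sha1, sha256, _ = row
        if sha256 is not None:
            if d["sha256"] == sha256.lower():
                return row
        elif d["sha1"] == sha1.lower() and d["md5"] == md5.lower():
            return row
    return None


if __name__ == "__main__":
    blob = b"constructed test input, not a family sample\n" * 64
    print(match_sample(blob))                                        # None
    print(match_sample(blob, KNOWN_SAMPLES + [sample_entry(blob)]))  # the added row
```

For a real scan, replace digests(data) with digests_of_file(path) and use os.path.getsize() for the size pre-filter; the matching logic is unchanged.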
Windows Portable Executable Attributes
Attributes are aggregated across the samples listed above, so mutually exclusive entries (32-bit and 64-bit, packed and not packed, exports present and absent, console and GUI) describe different samples rather than a single file.
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Coder | By BlueLife |
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- big overlay
- HighEntropy
- packed
- WriteProcessMemory
- x86
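The PE attributes listed above and the File Traits "big overlay", "HighEntropy" and "x86" can all be recovered from a file's headers without running it. The block below is an added example, not EnigmaSoft's tooling: a stand-alone parser built on the documented PE layout with the standard library only, reporting each attribute the page lists plus the overlay size and whole-file entropy. Two mappings are the author's assumptions: "debug information" is read as the debug data directory, and "security information" as the IMAGE_DIRECTORY_ENTRY_SECURITY certificate table. build_sample_pe() constructs a minimal, non-runnable PE32 image in memory purely to exercise the checks; it is not one of the family's files. Import-based traits such as WriteProcessMemory need the import table and are not covered.

```python
"""Report the PE attributes and file traits listed on this page for one file.

Added example (not EnigmaSoft's tooling). Parses the documented PE headers
with struct only. build_sample_pe() is a constructed demonstration image,
not a family sample. Assumptions: "debug information" = debug directory,
"security information" = certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY).
"""
import math
import struct
from collections import Counter

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
# IMAGE_DIRECTORY_ENTRY_* indices used below
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_TLS, DIR_CLR = 0, 4, 5, 6, 9, 14


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; packed or encrypted content sits near the top."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_attributes(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # A Rich header, when present, lives between the DOS stub and the PE
    # signature and ends with the ASCII marker "Rich" followed by the XOR key.
    has_rich = b"Rich" in data[0x40:e_lfanew]
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    is_64 = magic == 0x20B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # NumberOfRvaAndSizes sits at +92 in PE32 and +108 in PE32+; the data
    # directory table follows it immediately.
    ndirs_off = opt + (108 if is_64 else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def has_directory(index: int) -> bool:
        if index >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + index * 8)
        return rva != 0 and size != 0

    # The section table follows the optional header; bytes past the last
    # section's raw data are the overlay ("big overlay" in File Traits).
    sect = opt + opt_size
    raw_end = 0
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect + i * 40)
        raw_end = max(raw_end, raw_ptr + raw_size)
    return {
        "rich_header": has_rich,
        "debug_info": has_directory(DIR_DEBUG),
        "exports": has_directory(DIR_EXPORT),
        "relocations": has_directory(DIR_BASERELOC),
        "security_info": has_directory(DIR_SECURITY),   # Authenticode certificate table
        "tls": has_directory(DIR_TLS),
        "dotnet": has_directory(DIR_CLR),
        "is_64bit": is_64,
        "gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "overlay_bytes": max(0, len(data) - raw_end),
        "entropy": round(shannon_entropy(data), 2),
    }


def build_sample_pe(overlay: bytes = b"", with_tls: bool = True) -> bytes:
    """Constructed minimal PE32 (one section, GUI subsystem) for demonstration only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: no DOS stub, no Rich header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    if with_tls:
        struct.pack_into("<II", opt, 96 + DIR_TLS * 8, 0x3000, 0x18)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt),
                       IMAGE_FILE_EXECUTABLE_IMAGE | 0x0100)   # 32BIT_MACHINE, not a DLL
    raw_ptr, text = 0x200, bytes(range(256)) * 2         # 512 bytes, near-maximal entropy
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", len(text), 0x1000,
                          len(text), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(raw_ptr, b"\0") + text + overlay


if __name__ == "__main__":
    for key, value in pe_attributes(build_sample_pe(overlay=b"\0" * 4096)).items():
        print(f"{key:17} {value}")
```

On a real sample, pass the file contents to pe_attributes(); an overlay of hundreds of kilobytes together with whole-file entropy above roughly 7 bits per byte is the combination the "big overlay", "HighEntropy" and "packed" traits describe, and is worth a closer look at whatever the stub unpacks at run time.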
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Autoit
- Tedy.L
Windows API Usage
This section lists Windows API calls used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |
| Syscall Use | |