PUP.DllInject.FA
Analysis Report
General information
| Family Name: | PUP.DllInject.FA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- fptable
- HighEntropy
- imgui
- No Version Info
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 1,798 |
|---|---|
| Potentially Malicious Blocks: | 130 |
| Whitelisted Blocks: | 1,436 |
| Unknown Blocks: | 232 |
Visual Map
(Block map image omitted; each cell in the original map is one block, coloured by its classification.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |