PUP.DNDownloader.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.DNDownloader.A
Signature status:	Self Signed

Known Samples

MD5: 35c6dabdd9560373d1b5305e31aa7565

SHA1: d750e2db3c56b5aae88c4a3db52a1478ed7f9985

File Size: 266.74 KB, 266744 bytes

MD5: 1bd36cbbe4aac801a2b7aafcb8125b21

SHA1: 36e935ff1c95878407387799254be285308004ce

File Size: 291.78 KB, 291776 bytes

MD5: 67e4d0e05d2c91d1657058c73396709c

SHA1: ccbab0370f7515e59a05f8bd76d67f727efd77d3

SHA256: 68CC546F59AE396754C1865C4AD05B00B5CEE28AD45E301C96447592D596DA3E

File Size: 3.56 MB, 3555324 bytes

MD5: a9dde1da14af658e30871f3b9436b7b2

SHA1: 52062eba97a002268bf60848856fa4d9b96ed2d2

SHA256: 20C92392776C85B20529B53B9D7D930AE5897B4B9A84392C3D6D53C10ADA6D7D

File Size: 257.02 KB, 257024 bytes

MD5: 66a566ad526712ff267d0729c65a3631

SHA1: 5674d93265526c8f4d0ff390bd3e1eb1ba27b64e

SHA256: 19CECBC13A745A3F9C7778C948ECBF823F12484422B402C9F5FCFE34BA8A3FAA

File Size: 465.51 KB, 465512 bytes

MD5: 4299044fabd92fc6bf531afc1c3f4d4e

SHA1: dc8cfac88647a9348cf62d94894f4a3ed7989c0f

SHA256: C1D7027A709EADABD6B5AC30F2697D51F5618727FDB785AF7B2A1D31F1E2C632

File Size: 271.54 KB, 271544 bytes

MD5: d0d770ecbb4a45d4c8cbea9035a8fc53

SHA1: fd8d76443977dc2a9275d8ede12f7b675f12aba7

SHA256: DA1D1EAD39B32BC9F0586D2BE976CA6E0352B2A30715B9D90DEFDD892209A163

File Size: 236.78 KB, 236784 bytes

MD5: 0b3ff889cdf480f66d29c5879614a0e5

SHA1: 8b92a471fb4068b10674248b4db0b343dd0c476f

SHA256: ACE3A2AD3B9102F1B315ADADDDF8DD5CD2A8FED2CB3D1CDDF385FD22F6A89F06

File Size: 4.96 MB, 4958676 bytes

MD5: 1fbbc131709307017d0b39cd80faa631

SHA1: ab225f91c127f2603634ac87eebfd0d88ba2bd03

SHA256: 83D18118A0D0751DF302DE6136451BF6CC3DD233187F390AFD37FCEA065F731A

File Size: 1.74 MB, 1742072 bytes

MD5: f5fa1bbe6ff1da72fb3a2d6242b4c403

SHA1: d316346d0c70aff75871a1924e244fbefa4ea3cc

SHA256: 6B59D9C0E91B0EDD05294E29CD0DFF85085B271A72AD3ADA9ADC5B7CCCF1F556

File Size: 3.25 MB, 3248376 bytes

MD5: 7373d2d2a4d0bee02138142eed2c19c3

SHA1: f93a781b8ae8d8fb1d4b69b8e5913f77b6fb7e29

SHA256: 4F88D54102B578934B05864BD64004BC8D834CC24669BA80FC9F13EF44C5B742

File Size: 270.33 KB, 270328 bytes

MD5: fc814dc61977dc161ad85f31a7b0b330

SHA1: 9a893a805e748c0a046451779cc90187b377d344

SHA256: A8F96C7FFB2820BA06F4D05BFDE6D89164DDD3A585DE507E66F133EA16213190

File Size: 4.18 MB, 4175576 bytes

MD5: 9d435a2212406e23a3a80a28bb92a59c

SHA1: d8b7260b1b206e0e25eaa4bd7d89636bd264111c

SHA256: F9A2D0A8DD9F8F1524F52CF2C7EDD0A9AAB73B2BFBE68C0343253BFE8F97FE3B

File Size: 455.42 KB, 455416 bytes

MD5: de380c5169a636bbb72aa289b989a618

SHA1: acb653aa6c5f94c855d02be0f2a65b540b2ef8e9

SHA256: 48D8FB1178C3FE6FBF741637F80FAC8474D52C75D139295AB479DE36BF83F0F2

File Size: 5.52 MB, 5516504 bytes

MD5: 47f8ae8c99aa507ca08fb4a3980b4726

SHA1: 66e4023cc88f048e2c8bd4aa084be48cd72e2176

SHA256: C434EF5ADBB6BE7534F1C1664E88462E2BEEE3A9CAACCB0838E964F2E24EC31F

File Size: 1.15 MB, 1151488 bytes

MD5: 5e795a249096976b4aef12da526f0c07

SHA1: 37312fbac3c3f89ef5b0d1ff71c1969332bf8e3b

SHA256: E8BDA6ACF971A0BC46E76054FFBA89E286689FDA636AF239C268F96E53BCA297

File Size: 2.65 MB, 2651557 bytes

MD5: e4ebf7454ccd7bb3fac8c93ec65d55c5

SHA1: eaeb6b35836ccd21fe539148045e55de9e49b3bd

SHA256: 51604909C723EFB50904868D7A20616A43D82B4E84E388582E9A8935BA2FCF43

File Size: 271.65 KB, 271648 bytes

MD5: b657edce768264981eace398166007e1

SHA1: 18a8649e4c6586b3f15cc384f1f2b378ce271b29

SHA256: 3FBB40A9F3C64620F27824BB44899BB0F1D2D9E7D838E930EB93D9006BCA4997

File Size: 2.62 MB, 2620416 bytes

MD5: d2839aac275018298f27e1795835878a

SHA1: 57343e3b99200785e68d0e1bd01ebaaf3193af9b

SHA256: 810B7CB581BF96D1A40C08A2CED6B0840BC04731C8FD27D7F1F83CDD44C856B7

File Size: 275.25 KB, 275248 bytes

MD5: f5d4d17014db45f0fa6aac36cd434990

SHA1: cf11e14fa44fb8b33a50d323596fcdedccae66a5

SHA256: 053ACC7563E2053CE2198FC03CF9D476C65EFC68E6F2E20ECAA3902C0B379B4A

File Size: 3.62 MB, 3622587 bytes

MD5: 7c212f646f22c04592dd94b86dd532f6

SHA1: 2a725a9e911187885ce6be049e15b8f5bb392aa4

SHA256: 0CC6ADAD0AF394B7606934844655A8284236FAEFC7C415F4534E208D2764ECDF

File Size: 3.54 MB, 3537812 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application

File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	LDPlayer Synaptics XUANZHI INTERNATIONAL CO., LIMITED XZ 上海畅指网络科技有限公司
File Description	LDPlayer Player Synaptics Pointing Device Driver 雷电模拟器
File Version	9.1.67.0 9.1.63.0 5.0.11 1.00 1.0.0.6 1.0.0.4
Internal Name	dnplayer.exe ld LDPlayer TJprojMain
Legal Copyright	Copyright (C) 2016 Copyright (C) 2019 Copyright © 2016-2026 JUST OKAY LIMITED. All rights reserved.
Original Filename	dnplayer.exe ld LDPlayer TJprojMain.exe
Product Name	LDPlayer Player Project1 Synaptics Pointing Device Driver 雷电模拟器
Product Version	9.1.67.0 9.1.63.0 5.0.11 1.00 1.0.0.6 1.0.0.0

Digital Signatures

Signer	Root	Status
Shanghai Changzhi Network Technology Co., Ltd.	DigiCert Assured ID Code Signing CA-1	Self Signed
Shanghai Changzhi Network Technology Co., Ltd.	DigiCert EV Code Signing CA (SHA2)	Self Signed
Shanghai Changzhi Network Technology Co., Ltd.	DigiCert SHA2 Assured ID Code Signing CA	Self Signed
JUST OKAY LIMITED	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Shanghai Baizhi Network Technology Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch

Shanghai Chang Zhi Network Technology Co,. Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Shanghai Chang Zhi Network Technology Co,. Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
JUST OKAY LIMITED	DigiCert Trusted Root G4	Hash Mismatch
Shanghai Baizhi Network Technology Co., Ltd.	DigiCert Trusted Root G4	Hash Mismatch
Shanghai Chang Zhi Network Technology Co,. Ltd.	DigiCert Trusted Root G4	Root Not Trusted
Shanghai Chang Zhi Network Technology Co,. Ltd.	DigiCert Trusted Root G4	Hash Mismatch
Shanghai Changzhi Network Technology Co., Ltd.	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
Shanghai Changzhi Network Technology Co., Ltd.	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted

File Traits

dll
fptable
HighEntropy
imgui
No Version Info
x86

Block Information

Total Blocks:	8,242
Potentially Malicious Blocks:	409
Whitelisted Blocks:	7,192
Unknown Blocks:	641

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? ? x ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? x ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? ? 0 ? ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 0 ? ? ? 0 ? ? 0 ? 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 0 0 0 0 ? 0 ? 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 0 ? x 0 ? ? ? ? ? 0 0 0 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? x x ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? ? 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 x 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? ? x ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? 0 ? ? ? 0 0 ? ? 0 0 0 ? 0 0 ? ? ? 0 ? 0 0 0 0 0 ? 0 0 ? ? ? ? 0 ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 ? ? ? ? ? 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

DNDownloader.A

Files Modified

File	Attributes
c:\users\user\appdata\roaming\lddownloader_en\downloader.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\lddownloader_en\fonts\nanumgothiclight.otf	Generic Write,Read Attributes
c:\users\user\appdata\roaming\lddownloader_en\fonts\roboto-regular.otf	Generic Write,Read Attributes
c:\users\user\appdata\roaming\xzdown\fonts\nanumgothiclight.otf	Generic Write,Read Attributes
c:\users\user\appdata\roaming\xzdown\fonts\roboto-regular.otf	Generic Write,Read Attributes
c:\users\user\appdata\roaming\xzdown\log.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\lden::pcmac		RegNtPreCreateKey
HKCU\software\lden::pcmac		RegNtPreCreateKey
HKCU\software\lden::pcmac		RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	SetWindowsHookEx
Network Winsock2	WSAStartup
Network Winsock	accept bind closesocket connect freeaddrinfo getaddrinfo getsockname recv send setsockopt Show More socket
Network Info Queried	GetAdaptersInfo
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetSetOption
Anti Debug	NtQuerySystemInformation
Network Winhttp	WinHttpOpen

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.DNDownloader.A

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Kryptik.JUD

Trojan.Agent.MBD

PUP.Baidu.A

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen