PUP.DotSetupIo.B

Analysis Report

General information

Family Name: PUP.DotSetupIo.B
Signature status: No Signature

Known Samples

MD5: 275f40f80c3fd26a4f3131f900d25882
SHA1: 98ffd0b1c44d01769fa5bc58d675082645ad95db
SHA256: 2B9A9E741635FDB78E241D3EB1CECDA72FFFD25E4C469744B029163E4F87C3F6
File Size: 5.19 MB, 5193216 bytes
MD5: 096755205f550bf8c2ea9d3993f2fbd7
SHA1: 4e6d6a1c45c78bebed0c9d0415b783ddc6e5cadc
SHA256: 0B4974ECF035E9836006CDF8C627D534C298331E6BE8B1B9101D0333CAF3F12F
File Size: 3.41 MB, 3412480 bytes
MD5: 0d81cf13636a8f44b34d555bfb9af66d
SHA1: d2d1338d15c8a4c23ba59b8e1bda1de53aa725f8
SHA256: BAF416C34A3E5CA356FB273EE3DB7125D6B7A6996AFF914BBA735714AEAFA6F9
File Size: 3.45 MB, 3445350 bytes
MD5: b91d3309320ce95830f2343ef60e5ebf
SHA1: 25feee95f595bf40104a76762678750e6d901466
SHA256: AE20DB6F59E52BD9E230C5BE475C10E6CB1CCB85F7DEE5877096F2FE5BB4F1FE
File Size: 1.32 MB, 1324842 bytes
MD5: 66f00c9860e7268af684992cdbf44c43
SHA1: 045619e511b8ab4220f604d01d3aae49f688d698
SHA256: 735ED7ADCD9CCF0895B86BFA21AA076F3F38B893353AF23F6CE4EF588861A307
File Size: 5.70 MB, 5703304 bytes
MD5: f831569de15275d1a5fdbd339f62288f
SHA1: acbd06d419604291ebf78d46de7e631a9fb6aeae
SHA256: 4C870B9D41C4398718B65CCD24569F91CA1F1AA704813D70547E377864C52DCD
File Size: 30.21 KB, 30208 bytes
MD5: 6a8d93136a6b75d697c1e2ed4ca5388d
SHA1: 0154d616892c42a7aacb2723a89d60675848c706
SHA256: 7128BC6068960D274D6C567A5FFB57CBE4F33CB5C26791B1AF700D1197AD4FDA
File Size: 5.58 MB, 5584312 bytes
MD5: 89eedc713f8bd7ebf622468d105369e8
SHA1: 95cdd4e5e947224712f195e3077cb1ada2983b63
SHA256: 4F30ADDCFD80FE5F69C7576C4EBA4E61348E49496CAC240CA45ACAA2124ED7CF
File Size: 2.47 MB, 2469342 bytes
MD5: f6eee67ea08ce33e62c85380964e0f01
SHA1: 1df0b4a6d94e8866a059973415bb73c9b4db6a18
SHA256: D0CA8255563004A4AE36F2C55741346CD69A2A257D8E530113CDED9E108B2FB6
File Size: 4.56 MB, 4555264 bytes
MD5: 62446320089113b10b86c0e78c71507a
SHA1: b8e01b0f938529ad6bfe3ffabd55c96a883470ca
SHA256: 105BC76AC37570568AAC5D1A4007FD24ED2C3176BB25866B2658C4A59FC882FD
File Size: 5.73 MB, 5733888 bytes
MD5: cce60c46d6ee3842e8e6f1ae28435253
SHA1: b43a6be072f6580cba08a49122ae8dbae5c63107
SHA256: 507E4E227BDB122508F2A06162493DC25D379DC5990D0C5493E66DF66E3B6C09
File Size: 5.48 MB, 5476811 bytes
MD5: 1fa120f2cf49c753b744802abff7dd57
SHA1: f4d0e806f492ed3a242c0f1999ecb5e38afa581c
SHA256: E7E804E29288831A0DDCE2F5B880A428A4D63B42F335992A2FBC30A5270E0669
File Size: 3.60 MB, 3602623 bytes
MD5: 6f48a018a9ae34328ebd17af32f57fb6
SHA1: 9a28c08e996992f6077db8854df8955e6552983d
SHA256: FA4070D779E1D3539620FA5E2C95072196A096E730D19905F0055193AAF55D13
File Size: 5.55 MB, 5551125 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 0.0.0.0
Comments SDKx86
Company Name Power Software Ltd
File Description
  • BitComet Full Installer
  • PowerISO 64-bit Installer
  • PowerISO Installer
  • PowerISO Setup
  • SDKx86
File Version
  • 9.3.0.0
  • 9.2.0.0
  • 8.9.0.0
  • 8.7.0.0
  • 2.16.01.08
  • 1.00
  • 0.0.0.0
Internal Name
  • mds.dll
  • TJprojMain
Legal Copyright
  • Copyright(C) 2003-2023 All Rights Reserved.
  • Copyright(c) 2004-2023
  • Copyright(c) 2004-2024
  • Copyright(c) Power Software Ltd
  • Copyright SDKx86.
Original Filename
  • mds.dll
  • TJprojMain.exe
Product Name
  • BitComet
  • PowerISO
  • PowerISO 64-bit
  • PowerISO Setup
  • Project1
  • SDKx86
Product Version
  • 9.3.0.0
  • 9.2.0.0
  • 8.9.0.0
  • 8.7.0.0
  • 2.16
  • 1.00
  • 0.0.0.0

Digital Signatures

Signer | Root | Status
Shanghai Chang Zhi Network Technology Co,. Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Shanghai Chang Zhi Network Technology Co,. Ltd. | DigiCert Trusted Root G4 | Hash Mismatch
Power Software Limited | SSL.com Code Signing Intermediate CA RSA R1 | Hash Mismatch
Power Software Limited | SSL.com Code Signing Intermediate CA RSA R1 | Hash Mismatch
Power Software Limited | SSL.com Code Signing Intermediate CA RSA R1 | Self Signed

File Traits

  • .NET
  • dll
  • Installer Version
  • x86

Similar Families

  • DNDownloader.A
  • DotSetupIo.B

Files Modified

File | Attributes
c: | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\common files\system\symsrv.dll | Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 | Generic Write,Read Attributes
c:\programdata\synaptics | Synchronize,Write Attributes
c:\programdata\synaptics\rcxa93f.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe | Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe | Synchronize,Write Data
c:\users\user\appdata\local\temp\mncgx5k.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsd9bda.tmp\nsl9c39.tmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd9bda.tmp\nsl9c39.tmp | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsd9bda.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgf963.tmp\nsof9b2.tmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgf963.tmp\nsof9b2.tmp | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsgf963.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj47e3.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj48cd.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslcede.tmp\nsecf2e.tmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslcede.tmp\nsecf2e.tmp | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nslcede.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsndad4.tmp\nspdb13.tmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsndad4.tmp\nspdb13.tmp | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsndad4.tmp\system.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsrf943.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswcece.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsxdac3.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsy9bba.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsz48de.tmp\langdll.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setup\ds.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\czdownloader\log.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl | Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l1\30\2026 | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_1df0b4a6d94e8866a059973415bb73c9b4db6a18_0004555264 | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_1df0b4a6d94e8866a059973415bb73c9b4db6a18_0004555264 | Synchronize,Write Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\poweriso::tbinstallflag | | RegNtPreCreateKey
HKCU\software\poweriso::tbinstallflag2 | | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Cpvskzav\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Cpvskzav\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Cpvskzav\AppData\Local\Temp\~nsuA.tmp | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver | C:\ProgramData\Synaptics\Synaptics.exe | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKCU\software\lden::pcmac | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getsockname
  • socket
Network Info Queried
  • GetAdaptersInfo
Keyboard Access
  • GetKeyState
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Service Control
  • OpenSCManager
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winhttp
  • WinHttpOpen
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile

Shell Command Execution

"C:\Users\Cpvskzav\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\acbd06d419604291ebf78d46de7e631a9fb6aeae_0000030208.,LiQMAxHB
runas c:\users\user\downloads\._cache_1df0b4a6d94e8866a059973415bb73c9b4db6a18_0004555264
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate