Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Downloader.AA

PUP.Downloader.AA

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Downloader.AA
Packers: UPX
Signature status: No Signature

Known Samples

MD5: c015cac354d6bb4be34c58916a3fd912
SHA1: 640d8d3d3dbf366d2c14579aa0622cf81c3a5a62
File Size: 383.84 KB, 383844 bytes
MD5: f0bf06e51b3147d8c3be221edc15f50f
SHA1: 1ab025936c7d2e0c8e9c6929cd63c0f7c613e817
File Size: 361.67 KB, 361666 bytes
MD5: eb185c84e9c81e27c7b3ef796bbc97d9
SHA1: 8f62778d5db03ecc41f0b06bb72754ae7fc5e826
SHA256: 4DE0047D29E272EEAB1D0B084919B86827A54E12ED462A62BDFA7E129D76506D
File Size: 367.86 KB, 367864 bytes
MD5: 3072c13d31b6624a4870274e2f9ee000
SHA1: 7afb1517155281221bfee1de5f085e576b1becf1
SHA256: A0BAC498F4BEC53F9D0C5A43052049B68B1F947C7A54EE7A508283A617907595
File Size: 367.21 KB, 367208 bytes
MD5: 057438930924b6693a34dfec5845947f
SHA1: 86b36f3b7a426d06968036ae6b396d9f73f99aaf
SHA256: B63FB2EFD28ACBABA664FE0E17E7B2C596BB5430855911D3415E686CECFE0962
File Size: 368.27 KB, 368272 bytes
Show More
MD5: f28496f4dc5a80e8fa381e1ee9ad5dbb
SHA1: ad7b497f18d2f9caae963284ba1fbc837170177b
SHA256: DC881F7BF6C98C27BEC9F84E5B26E7F3A09FB4772065675C94D0AE54CC4BAF84
File Size: 367.91 KB, 367912 bytes
MD5: 018dac33ce6e974241e08215561fab7d
SHA1: bb461d992efbffef62b38cc226bc1e0d6c79ed74
SHA256: A1117C062CC0C501F2FBA3ACD9FBA7B47EC2ABC564134C500297B58D0F6AC350
File Size: 367.23 KB, 367232 bytes
MD5: 4fbf2622e98bcb6c580e2200b5752c74
SHA1: 6425f8d9b8d42d727d0b97bb9ebd04c4bb59f09d
SHA256: BFC0FC62C324FE33D6C8133179D21DE3A2272B9AD002CDFC51DD2BFCFFC6FB6D
File Size: 368.26 KB, 368256 bytes
MD5: 9792c8657d22e50e0cb8abd468d2be2b
SHA1: fe330ce1a2960fef1fd9db94537422c3ebcb1c8a
SHA256: 164D99814EA3AFE69C2D51B31B6645381FB8EB54F3FC35D67760A3B9AA180FED
File Size: 362.21 KB, 362208 bytes
MD5: 4ed2ac786d437833fdebe34ec9c0a7df
SHA1: 4bce268395515c9706a331409b9872a60431001a
SHA256: 574DB58D1B97E6BC0276388A3778A0CA1755DBC79B089D66EE16187147BFAFE3
File Size: 367.19 KB, 367192 bytes
MD5: babf7493743ae7b9c1639f89fb2d0828
SHA1: af3c97c4f61ffbb3150594399b60d909a2481b55
SHA256: C2B979D78B0BF36E1EA2DB75AE3A6E704B004D4BCF66F13AA316A0B06B19C6A9
File Size: 367.94 KB, 367936 bytes
MD5: 8f40492a35b7f6ab151397d92acd558b
SHA1: d97560d9af371642e9385b7c771b216a3df66566
SHA256: 15549CE4AEA54708D636FBDE34CC25ED2748375D40E5E4A2F37CCE20B759ECD1
File Size: 368.28 KB, 368280 bytes
MD5: 79e7897e66b1fdfbcec79e69bfac88da
SHA1: 982f4d34656c0f6d26c79f7d851d6eec9f4d19b3
SHA256: C78EEC4D837B60D0E4E7EEF749943D9F04C0C82AD6FA4F46CCF77A6307CFE82E
File Size: 368.30 KB, 368296 bytes
MD5: e4f7689e8ca4b5b690d6007683fc6c30
SHA1: ba695dc1adf1f5be4d5a680d2c55d21974682e41
SHA256: 1986EC9940173616436087714DA06AC50B9DF8C64A8E8FC03149E09EA7C36080
File Size: 367.26 KB, 367256 bytes
MD5: a69a2a15ca1378cb674988d3313b4c14
SHA1: fea6526ac54b2797f5f50ef60a03319c08814c82
SHA256: 72952613D5AD617A4FF6C7292ADE763CCCC82D908DCFCE38750C00C7547BA4D8
File Size: 368.28 KB, 368280 bytes
MD5: 3cc7734cddb2ae92f5cfe782e9692d71
SHA1: 650b41afe49080a0f6c853a170a1d0625222ad42
SHA256: F6BC61CDC2610563C25D716822E2E7234A87E4F19F521F1D6D33208325BB5C25
File Size: 368.26 KB, 368256 bytes
MD5: 21d2d9f03271ebdc85e631f30912fb33
SHA1: 20354cb7ee418cbadde5fed8c41c1a19d3007e45
SHA256: 5E1C4501A0C931F729C297AF4510B7155078244192C7006D9CCCD20157D57E7A
File Size: 367.20 KB, 367200 bytes
MD5: 280129bfe998049b6052d1fcbc844206
SHA1: 0a834a9ae19226504caaee6201c07e042fc06897
SHA256: 152D99DA90111BC371971EFCDA245EB67863C4218AC3457844428C91932515A9
File Size: 367.94 KB, 367944 bytes
MD5: 9b8e2a8fc58b882764ceedda90d0b9fa
SHA1: ca3d1ce6759b56a61e80ee1e8ced99a46e486fae
SHA256: 3D20382182921BD980370BE3489F837D609D8563D8B85CC7A7A6AACEB0DA45F6
File Size: 362.58 KB, 362576 bytes
MD5: 151aba2946194be79496a7da39f097ac
SHA1: 4dee5acee50f6a38981e0a3e7c622f1ea98268c0
SHA256: 0BAD3CDDA24233B1F5EEA812CDF582980B4778E9A9704754F494D8A8FC348231
File Size: 361.61 KB, 361608 bytes
MD5: b5855e4ed72fea61334de7b9f2aae804
SHA1: 65bacab2987b1aeac78308b7bf097bfc42f68ba2
SHA256: 9797B63CD5918463A57BA5E7F05706203FA4C3D6F82111E77BF4CD2A2D97A288
File Size: 368.26 KB, 368256 bytes
MD5: f092a3d32e710d2ebf4d615c57daaa40
SHA1: ecb712746fe6131983749a545632089bd2901188
SHA256: 7CAEA5A7CBC7684FDCC7BE130EE9D12A64ECF6EBA2D7A764F6F8932D3F03E452
File Size: 361.67 KB, 361666 bytes
MD5: 60666d6f899750706195feb0edef1d1e
SHA1: 3c3e458ae57ec693748ae19d02da1ec86eff6938
SHA256: 959E9EAF679DCC81C9DD767FFC190D401660EE57D9108A45686473628B63F2C5
File Size: 367.92 KB, 367920 bytes
MD5: e25fd7df12bfab10637b4527b519105f
SHA1: 31b00b2d11a4777eef499fcb7c7bc39b96ebc90e
SHA256: DBB4B69396BAD3CCD6C5AF9203719F2F74A3450339670BB58D3C3D04E710AADE
File Size: 367.91 KB, 367912 bytes
MD5: 94092361f379ca1aa59e11c48fdf40dc
SHA1: 0b91031b2eec89731205ea60347909010379f6d6
SHA256: 3A0204F35180E1C98DC076141BECD92BD98E7F76D1A878F98A028B13D0C6F292
File Size: 368.26 KB, 368256 bytes
MD5: 8d9f21739628232ca5257bea9291ed51
SHA1: 312d6b1184e9bf3ade3271e72c59a22cd384cfde
SHA256: B561C878FDFF9232DE3F3CA52E22A5EA8699882DC152812BBB8BD597F33A7CA0
File Size: 367.22 KB, 367224 bytes
MD5: 8ffff7a68df0b8d91bc857c1840f899d
SHA1: 803b8168c254a2f4a26197694473ca7ea9ef0a85
SHA256: 93E7679E2A6B1C7F33D02D06FAF9FA601F07061A9E87A89A3ECBB0E4E9E07E81
File Size: 361.55 KB, 361552 bytes
MD5: 414c18950771311252f209fa1ec344ab
SHA1: 2763a823b230b2770d13e48d78d988a42355ea77
SHA256: 0BD04E74EFB86E9E12F533375FFF772265BF8B9779FE4C334EC72450EE274BDB
File Size: 367.23 KB, 367232 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Digital River, Inc.
  • Headlight Software, Inc.
  • RegNow.com
File Description
  • Digital River Download Manager
  • GetRight Downloader
  • RegNow Download Manager
File Version 1.0.0
Internal Name
  • Digital River Download Manager
  • GetRight Downloader
  • RegNow Download Manager
Legal Copyright
  • © Digital River, Inc.
  • © Headlight Software, Inc.
  • © RegNow.com
Original Filename
  • DldManager.exe
  • free-dlm.exe
Product Name
  • Digital River Download Manager
  • GetRight Downloader
  • RegNow Download Manager
Product Version 1.0.0

Digital Signatures

Signer Root Status
Digital River, Inc. Symantec Class 3 SHA256 Code Signing CA Self Signed
Digital River, Inc. VeriSign Class 3 Code Signing 2009-2 CA Self Signed
Digital River, Inc. VeriSign Class 3 Code Signing 2010 CA Self Signed

File Traits

  • HighEntropy
  • packed
  • x86

Block Information

Total Blocks: 2,996
Potentially Malicious Blocks: 145
Whitelisted Blocks: 2,851
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 x 0 x 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 x x x x x x x x x x x x x x x 0 x x x 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 x x x x 0 x x x 0 0 x 0 x 0 0 0 0 1 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 x x x 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Downloader.AA

Files Modified

File Attributes
c:\users\user\appdata\roaming\getrighttogo\.data Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\getrighttogo\.data0 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\getrighttogo\1ab025936c7d2e0c8e9c6929cd63c0f7c613e817_0000361666.data Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\getrighttogo\1ab025936c7d2e0c8e9c6929cd63c0f7c613e817_0000361666.data0 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\getrighttogo\640d8d3d3dbf366d2c14579aa0622cf81c3a5a62_0000383844.data Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\getrighttogo\640d8d3d3dbf366d2c14579aa0622cf81c3a5a62_0000383844.data0 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\headlight\getrighttogo\customizedapps::640d8d3d3dbf366d2c14579aa0622cf81c3a5a62_0000383844  RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::busypause  RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::filecache RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::filecachekb d RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::rollback RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::dotgetright RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\customizedapps::1ab025936c7d2e0c8e9c6929cd63c0f7c613e817_0000361666  RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\customizedapps::  RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Network Winsock2
  • WSAStartup

Trending

Most Viewed

Loading...