PUP.DownloadSponsor

Analysis Report

General information

Family Name: PUP.DownloadSponsor
Signature status: Self Signed

Known Samples

MD5: 1f82b0b84122f1605bdc684e12b511cc
SHA1: cf0792ff73bbdc83c089a856b957f365a0d4452d
File Size: 4.43 MB, 4425904 bytes
MD5: 405cfba6efa0ec2769da397be6db437a
SHA1: ac8606dd47fab2b182cf3a8b5b291a14ba699445
File Size: 4.43 MB, 4425904 bytes
MD5: 68012b5bef7c62c00c5b520c6f482c95
SHA1: ae45527af010480c59049a964073c401efdeb825
File Size: 4.43 MB, 4425904 bytes
MD5: 7c7b38f0611084e03b7b90704ad250d5
SHA1: f7314b123d0fb67fd1fe70b4491b7ea85f5ef5a9
SHA256: B0FBC15233CBF296A79AAB9D882D17FC015755388B265C9F6C55E43BA5976C77
File Size: 4.43 MB, 4425904 bytes
MD5: fbce50911172eb16aa218e0e08f41d85
SHA1: 3679b4a54bbed344e30261c567b9856e695b3348
SHA256: 62638749F40D9EAEA3DF6D26CFB269C1CB7CC22BC35F98BE1E1C35AF1F222ABB
File Size: 4.43 MB, 4425904 bytes
MD5: 6373b5a9a693225ff5c884a8d73db7b4
SHA1: 561464e42c843d1c91908a6e3a3f7de8ea5e2bc0
SHA256: 467DC4E41757473CF45038F1A6025DA2E1F6F811C6EBF697576B517AAA1554C6
File Size: 4.43 MB, 4425904 bytes
MD5: 34f18ae5c8c5518fbd368387cad4bf88
SHA1: 66478229194986c6f0d6cc01028d9b0ef4d2ac8b
SHA256: F8BDAE398E64F97A1BF89032CBFE5861FCD3330352818C36F724B39FD2DCBFD7
File Size: 4.43 MB, 4425904 bytes
MD5: 8d688ccf414c712fae1a0dd91e34cfcc
SHA1: a2299940d1505cafeed45b76b4c37b3e87d343c2
SHA256: 5E0B2A5A0CA1AB2097DE62796C688B8CEBB780C0BE70BF9B391EA944FA4F72BA
File Size: 4.43 MB, 4425904 bytes
MD5: 58a984542e02fcc41ce81d33dfe152c9
SHA1: 2e69d1fe55763b4813c97e42065f4c6dd1131c3e
SHA256: 46FFC0D9505FFAB59EEA6A71DAF2265DD4AB226B77FDAED725EC359A196E1A69
File Size: 4.43 MB, 4425904 bytes
MD5: 64f70553daf3d997fd7af36925898180
SHA1: 71ae8d9be58b17184f65588633e66a9a257d1c3d
SHA256: 6A3AB36569C47AC725EBB9850696F743438A5E19747A6F87689078DA3A53F64B
File Size: 4.43 MB, 4425904 bytes
MD5: de827ccf516bd3ab52bad5458a583c82
SHA1: 9e65dcd310c157cf333d5143e69326bea9023f48
SHA256: A4C1B030F6AA10C7189F83AA942B03431DFACAAEEB0180A367A7E85AC16A5D0F
File Size: 4.43 MB, 4425904 bytes
MD5: 3f02faaddeac8b56d70186604a697766
SHA1: 9f46bc555fcf9dcaa495ca4d1b56861b2a00d7e8
SHA256: 1794EDE898EBBEB55FDFA3DE258A247989626C196CF72089CCFB75AAEB4F0BAA
File Size: 4.43 MB, 4425904 bytes
MD5: 3049fd2d2a8426cd81a6db04e88f377a
SHA1: 4cf09c769feff1494a2de71fb0cc658595ec7176
SHA256: 0F81878103AD6A35FAF65538E3B15F2F5DA684E5AF1183DA1A7A8C71236B0E43
File Size: 4.43 MB, 4425904 bytes
MD5: 48b914fc0f8f74caa83decbd9c53986c
SHA1: 31ad0bf6ca4df06210b8477e4a2ee02e99a0b86e
SHA256: D46C937733D53364E061DE2BC7D3C569C372CFBDE98494A2682BF335F5F66D90
File Size: 343.26 KB, 343264 bytes
MD5: b8acd09bb2f6928435856627377f3567
SHA1: d3b420cae200ca50d3aaa671609a507da68357ed
SHA256: 28E5A89F3266B5EAAA2AE8160A68ED6387969D771C1B6E403A6C2939462906EC
File Size: 4.43 MB, 4425904 bytes
MD5: aea404cfb8b5c10d8c721dab07ac88c9
SHA1: 01d4a0c0443dda9571f28f1d9fe62109eaf65187
SHA256: 29342E1C5FFB71001B7DC86101DC8A0A38CA04DCB711725C4F09246E122E2997
File Size: 4.43 MB, 4425904 bytes
MD5: e64b5dcdee1970a2cd594bc5aa83e077
SHA1: 1f1c192611083c847ddab8b5302fe0d7829cf72f
SHA256: D2832CD179BB480E49AA7F4F80FD6C53EB908E4284A45FF0B71EF1FD98D270D8
File Size: 4.43 MB, 4425904 bytes
MD5: 7c576a8283e2537e9228b3a2bed1937a
SHA1: 817c8057f84982b591c69c575fa8d75d88637473
SHA256: FD0F1344563EF8FD21AC56A4C66C89147A88E115082F8609B19F90394FC9EA39
File Size: 4.43 MB, 4425904 bytes
MD5: a874f77f46e788bf7328a02f8921fc5d
SHA1: 4fb47ca001f6035c4531aa8f696251d42998651c
SHA256: A76C2064784A01853ABAB058EC81A3DE0C68C610ACFEA30F9A0B3D17D91B04EC
File Size: 4.43 MB, 4425904 bytes
MD5: 7f055e188a6a0ff051e59a7b72264691
SHA1: 3e0d42aae60dbbec067f121c228b2bd49568f042
SHA256: B9369C9CBC0652ADF4FC04229E8EFA81ED5274EBBFA3A3EACF8FE4847DCC7532
File Size: 4.43 MB, 4425904 bytes
MD5: 77370e7ac3e41223283a3d6256f7d5b8
SHA1: bb4901b5bb6e2e1dd41ab56ecfb9d4a83bd60851
SHA256: BDCFB2BCEC0D2BE748B35CD81274FBC45FB6B8C0FC6B2B35ED31BDCAB099D41B
File Size: 4.43 MB, 4425912 bytes
MD5: 7cbe624596761c47c3658a1087f7f315
SHA1: 42cf916580fba1c7648dfd30835cf2fe9b5f9e1c
SHA256: B1CE530CF34DD8A747EA082D844A8FEF105B1D62AA736B166FD826D6A0EA05FE
File Size: 4.43 MB, 4425904 bytes
MD5: 7722eec773cc46ca61ef0a3056144338
SHA1: e3242fe7c70df7555679c0cc3149c975286e6e91
SHA256: 1DF0C3585A433655E5B1B05C77C81E53BD441378A96DA3C295772EA3E5E6AC25
File Size: 4.43 MB, 4425904 bytes
MD5: 77409a57cc360297504f67812c21fe1a
SHA1: 4392ab77c0d313c11833d43aac91c557cfd25cbe
SHA256: 22E73509C711D2E7F90B3987411298732CD97AE0847507DF7AF8590742E1A5B8
File Size: 4.43 MB, 4425904 bytes
MD5: b829e00df5d0e651685e37bfd169dac6
SHA1: 5b94062da64b8f93e817018ba189a5e1e84c6211
SHA256: 55D12ED28F90980F2960E7E400AEF0B302F11A476A7B636A7F78DE291D96361C
File Size: 4.43 MB, 4425904 bytes
MD5: 1ed45d8943b2b3e181d7c57190e5f584
SHA1: 25e97003bcdeb003bfa10a782d2c9592f6be3b42
SHA256: 7CFB5CE3537A7848738638343F3926D5BF9DEC7F2F6439C20A90939AA772BDBC
File Size: 4.43 MB, 4425904 bytes
MD5: ebaf40199a2b30e3c7bcfae8818911ad
SHA1: 15016f825532e16962e45aecaea444a6e11f3813
SHA256: 5A4AECC1C9D384B2C006498538F650489B6456BBC467E067EBF185305672D18A
File Size: 4.43 MB, 4425904 bytes
MD5: b28c06caea0b47d771c17b2bd0e624ce
SHA1: b45f19a99e668d1d4c1fe4ad88efc0401b6b1729
SHA256: 2FBF1FF588FA88221A5BAC5605548AB9B819E006E25F4541C82081E6BB0EC0BF
File Size: 4.43 MB, 4425904 bytes
MD5: 30fd1ff7a4ed665e4f9f5d79d1dc1fc8
SHA1: 63a8975520ac6bff5d116fd77f25e2934a1b93d6
SHA256: 2ED25246B2DB29C0D17115C9D1FA95BED6357FC0D32A714AA56A0DBE1EA5FB74
File Size: 4.43 MB, 4425904 bytes
MD5: bf1dd560d9919fc5f910a2cd3758c254
SHA1: 68fc7726d713a5bed6bf3d49d5e30fe4a50210cf
SHA256: C0496AFCD347A4859988020609B3E7D8BD0DE326CB18732D172DCA531FF16667
File Size: 4.43 MB, 4425904 bytes
MD5: bdf71c0edbb90574a5e2edf4497a186a
SHA1: 2c31acb46f6d295f0a3f1038a539372335a0b2c6
SHA256: A170DE474D39E32A23B995426B2888F31347935EDA258C0A2EB609B330F5048A
File Size: 4.43 MB, 4425904 bytes
MD5: 76f31ce6ec7e4d4552b87aba12e93b1b
SHA1: 72d7c2da53a2cf44858cff569a00aa7e02572124
SHA256: 0561C612EB7E719F2D49B00EEB658CF9500F5FFE8960BF0A54AA490D8DEF675C
File Size: 4.43 MB, 4425904 bytes
MD5: 91945b4b3b423ba81402c405048653f2
SHA1: ca3e076e857dd1f893a7bd36f28ac9b414dc0e8e
SHA256: 0F1A502F52088B26509EB8DEE107FC7F97B9A6738CF2E7C04B82946DF3431F21
File Size: 4.43 MB, 4425904 bytes
MD5: b3c8cea2206873341aa910e7590a2568
SHA1: b22f2043226b57433db64798e0cd011e64c49b2c
SHA256: EAE6FE389300EF05D84496BABCF60D182B3B1D59A81AF293CB52166DBA54AE3E
File Size: 4.43 MB, 4425904 bytes
MD5: 8b052a956145adb6839e7157f5c72542
SHA1: 23c170968377d44abf6bdf49a457038d5a43c8c0
SHA256: 72631B71069865D9D21D8046A4A642B1650F2696F058346D61EE3DB7E469150C
File Size: 4.43 MB, 4425904 bytes
MD5: 1d332f770c569383cdd4d7608d9a3e54
SHA1: 8549e93725482e6c84cf16988f70caad1a16a930
SHA256: 5808AF9EBAFC499DC8F3E81E3C69062A469A61DC9F211BEB268396E294B2D3DD
File Size: 4.43 MB, 4425904 bytes
MD5: 71a2fb7b519266293a2b756948cc3ae2
SHA1: 8a64a784b08b2d6c0b621097a8bfea16786c27ff
SHA256: 98736772401311F7D2C3DDC662C8A64ADB012F26C175F2560ECA8966015DB6E7
File Size: 4.43 MB, 4425904 bytes
MD5: a271baaadd60a4d1e9f8d15d6d596ae8
SHA1: 47c738ce6dea7519f416ef84d5fdd6de47fcc3c2
SHA256: BE066D874AB7C5F3A65F7E5A399F33880D381E2F42D5263D9A32A901FF183F16
File Size: 4.43 MB, 4425904 bytes
MD5: f35a862f674e31193b673512a8a47a0f
SHA1: fb8b0e3d0004e2ad4b28200dd90b6b23a301d84f
SHA256: FB190FE6328048661660738730AC82D108B741480409C9252E5F1D2B8E12E92B
File Size: 4.43 MB, 4425904 bytes
MD5: 10f368dc142dd8643c9c3d9852916dd1
SHA1: 851ecc863a08dc53d4d27fd9b732c5bc1547826d
SHA256: 53CE749F4CD6DB4C33CE35B58808B89473D9E4B523275AA3F872122AA033F7F1
File Size: 4.43 MB, 4425904 bytes
MD5: b5e92dc638faa4242c4fad1f3099e691
SHA1: 4168f8ef9f9d3863ebe32f8892a8593162ee898d
SHA256: B9EC859CA58A85D098E33CFAB64CF2827CE84FFA8D899EA54BEEE019DDD368FC
File Size: 4.43 MB, 4425904 bytes
MD5: 607756e3ce19d5ba18c8bb208cf6b8a5
SHA1: 75a433f2ca468280e4b38f0a165a419a23a0243a
SHA256: E3684F6D426538FC9851C981DEC373535341AF92B4D5121A5A7F80719EA26AC1
File Size: 182.93 KB, 182932 bytes
MD5: acfa146d97070b2335dfffd3404e5ff0
SHA1: 082bc9413875c6675d632badc143ba7c85537f04
SHA256: 7E1B209B526A1AFC32171A11C57C0CF59C2FF30ED4B1EAE426FC612AFD67F8DB
File Size: 4.43 MB, 4425904 bytes
MD5: f35bf8ce4248ca2420f381c544086eac
SHA1: f024b71b5cb3ede97ffe17c8269ebf3e4f4bb6b2
SHA256: 08A777F0BF7A127370750767ABCC05DDF21ED6227B1C220B1977DC3945A49C8D
File Size: 4.43 MB, 4425904 bytes
MD5: d8985f048132eca7e49585e6fa461195
SHA1: 0998c0ab36d8bbdd67ab9c1eb32be7e82037096a
SHA256: 0BF4815E06CD03BE29D0D52013C153FAA8B19F6C7DEA89870AA2C6EDE618468C
File Size: 4.43 MB, 4425904 bytes
MD5: fa101f80a00549d8607da3bda6aae007
SHA1: 1de11005e9652c67df450356ea6957f1fd1bd2f4
SHA256: 707C0C6899FB9806D30F053473AD2680903D8CE7958D48968F1A23347CD2609C
File Size: 4.43 MB, 4425904 bytes
MD5: bd729066febe20e635723089cd5ce396
SHA1: 6c096d1690c9f06a74f45533dc7f17d38b8d1a88
SHA256: 197B91D2BF2913F8E2BC1503A3BE840BBC4DAB3E27BC7EE73E6086EBF8224846
File Size: 4.43 MB, 4425904 bytes
MD5: 178ab10958c295c0376610eb51f8670b
SHA1: b163211ba42ccfb06539f7863e0b8728d880426a
SHA256: C9CFA4880B47F51FA2B54EBBCA91AC12CB8472FEF8709C595E284A336D124B31
File Size: 4.43 MB, 4425904 bytes
MD5: 9cff1aab8eff54409b24ecbd01ac58a4
SHA1: 1d12437b96f1579b8683c454f52c095cc171361c
SHA256: 99FB55CAC7A61229A3D7E0B5B62A45873801E055EAE1F4B50BB96BA3FF04E6BB
File Size: 4.43 MB, 4425904 bytes
MD5: f833633f7de86d5472196bd14fa9b9bd
SHA1: a3c13515398ccd829228c852774a4abd8673daf4
SHA256: 534C068E2A381B426D58114F6429D385B46AE3B825EE28AFEE993BDDFFFA4A4C
File Size: 4.43 MB, 4425904 bytes
MD5: 218ed5476ead08da6bc6671b8f15c5cf
SHA1: 30ad556a59446463f5bc2d6ce1994058ff973df2
SHA256: AEBEC44360C8FAD003CA12F92E278B36716ABD985A5E1CCAD992326E5AD6D1CC
File Size: 4.43 MB, 4425904 bytes
MD5: bd364035c7f79323aa5ea2e11b04b385
SHA1: 9ed1be63209cb827d638aba2ce12635cd5ccb24e
SHA256: D8C9ED792D00CD95A95CED70DEB3CBA636FA73BF2F71674F574E8459B62F990C
File Size: 319.49 KB, 319488 bytes
MD5: a36744b122176951f81b82a42566ba7b
SHA1: 0eb475c8212c6004ed20d2412539ebe3d8d38eca
SHA256: 802A697112F791CA719F949665AE27B1241B90B00C288C1BA50C0233706D5143
File Size: 4.43 MB, 4425904 bytes
MD5: 1d537d22d87a0c93c22df6dd0564b02e
SHA1: fa127e08c2cebf98d4e15797c2eddd0914acd71a
SHA256: E768C5BCE625DF20BE7C496F9FDFA65B48FE438ACF60FD7BC74E14FAD2838987
File Size: 4.43 MB, 4425904 bytes
MD5: 16e6e0bd774b39eb8d071016f484f532
SHA1: f0b2c2977c350beb949c251530ea9c8eb237bd0e
SHA256: BE9E1EE1B3F9BFC8543AB5EAC8F58BD88DB0CD806CF7E6BE8A257CB8DE923C09
File Size: 4.43 MB, 4425904 bytes
MD5: 7761fe37e31f353cf4cd943465eaa00c
SHA1: b029a7e6d5a3bfb11e12f855b5c2b98b04d83fa7
SHA256: C968DB46121292535D4A163B200E24C60804EE706BDD673ECC22F5806706F0A6
File Size: 4.43 MB, 4425904 bytes
MD5: 113f6383aa77a33ba42e2f4a3faa67e8
SHA1: 6de7b47678d571e3a5721134abb1c3e3b4303835
SHA256: 5FDEDDBB71F2E33D7E85DD19E4FCA044E6F204B1C4ADE6166239C1A9A67400EC
File Size: 4.43 MB, 4425904 bytes
MD5: a51b007e9e905413b8a13a54e2d54608
SHA1: f4c0d3f9571587d3303395f57c7c00cd2d8cb17a
SHA256: 62DE38FB92CC555743814476C852B9B50B041CA943992FF78E66CA2FB519095A
File Size: 6.13 MB, 6126768 bytes
MD5: 7ff9c2557b176f19d9503491236c6b9f
SHA1: 761fbc66355edfd141d69ebd94ce306d4b956b78
SHA256: D83D8A75A929F98B4EEFBB493F58440954A0A2C65C733D5AAE6DF06016A5F056
File Size: 4.43 MB, 4425904 bytes
MD5: 346ccd4e82beb5d0cf7384199ac93a4d
SHA1: 51bd4c21a347175541b2048a4a9cdeefefb58ecf
SHA256: 63ED8B8693A3E90A74649621A3475464BFC1474793CD375608BDA43A55E0EB66
File Size: 4.43 MB, 4425904 bytes

Windows Portable Executable Attributes (aggregated across all listed samples — mutually exclusive entries such as 32-bit/64-bit, .NET/native or has/lacks exports table describe different samples, not a single file)

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • A build of the PortableApps.com Launcher for JDownloader Portable, allowing it to be run from a removable drive. For additional details, visit PortableApps.com
  • Presetup für OnlineContent
Company Name
  • CHIP Digital GmbH
  • OCS
  • PortableApps.com
File Description
  • CHIP Secured Installer
  • JDownloader Portable (PortableApps.com Launcher)
  • OCS
File Version
  • 2.2.0.0
  • 1.0.64.2
  • 1.0.8.0
  • 1.0.0.0
Internal Name
  • OCS.exe
  • PortableApps.com Launcher
Legal Copyright
  • Copyright 2021 CHIP Digital GmbH
  • Copyright © Project OCS
  • PortableApps.com
Legal Trademarks PortableApps.com is a Trademark of Rare Ideas, LLC.
Original Filename
  • JDownloaderPortable.exe
  • OCS.exe
Product Name
  • Installer
  • JDownloader Portable
  • OCS
Product Version
  • 2.2.0.0
  • 1.0.64.2
  • 1.0.8.0
  • 1.0.0.0
  • 0.0.0.0

Digital Signatures

Signer Root Status
CHIP Communications GmbH CHIP Communications GmbH Self Signed
CHIP Communications GmbH DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed (note: a chain anchored in a DigiCert root would not normally be reported as self-signed; this status looks inconsistent with the listed root and should be re-verified independently, e.g. with signtool verify /pa /v, before any trust decision is based on it)

File Traits

  • .NET
  • .sdata
  • 2+ executable sections
  • Badsig nsis
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • NewLateBinding
  • nosig nsis
  • Nullsoft Installer
  • x64
  • x86

Block Information

Total Blocks: 7,653
Potentially Malicious Blocks: 489
Whitelisted Blocks: 7,164
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
(The map above also contains the marker "1", which this legend does not define; do not interpret it without confirming the tool's meaning.)

Similar Families (similarity by shared code blocks; overlap with the loader/stealer families listed below does not by itself establish that these samples belong to those families, but it does warrant dynamic analysis of the downloaded payload rather than treating the installer as merely unwanted)

  • Delf.XA
  • Downloader.VE
  • Kryptik.DEK
  • Kryptik.HJB
  • Lokorrito.C
  • Lumma.FA
  • Rugmi.BA
  • Rugmi.IA
  • Rugmi.SA
  • Stealer.OBC

Files Modified (the ns####.tmp directory holding inetc.dll and system.dll is the usual NSIS plugin staging pattern; inetc is the NSIS Internet download plugin, which is consistent with the WinINet calls listed under Windows API Usage and with a downloader/sponsor installer that fetches additional content at run time)

File Attributes
c:\users\user\appdata\local\temp\134024768695944176.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa11c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj4831.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsj4831.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj4831.tmp\inetc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsj4831.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj4831.tmp\system.dll Synchronize,Write Attributes

Registry Modifications (collected from more than one execution — the user profile in the PendingFileRenameOperations path differs from the one under Files Modified; that entry appears to schedule the NSIS temp directory for removal at reboot, and the Internet Settings zonemap/cache keys are typically created when WinINet is initialised rather than as deliberate persistence)

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Wodzxsaf\AppData\Local\Temp\nsj4831.tmp\ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

"cmd /C" "netsh" "winsock" "reset"  (resets the Winsock catalog, removing any installed LSPs/providers; it requires elevation and takes effect after a reboot, so on a host it is a notable networking side effect and, in a sandbox, a useful behavioural indicator for this family)
