Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.DownloadStudio

PUP.DownloadStudio

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 627
Threat Level: 10 % (Normal)
Infected Computers: 119,893
First Seen: August 27, 2020
Last Seen: January 29, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove PUP.DownloadStudio

Registry Details

PUP.DownloadStudio may create the following registry entry or registry entries:
File name without path
Download Studio.lnk
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Classes\.dsfile
SOFTWARE\Classes\DownloadStudio.DsFile.1
SOFTWARE\Classes\DownloadStudio.MagnetUri.1
SOFTWARE\Classes\DownloadStudio.TorrentFile.1
SOFTWARE\Classes\MIME\Database\Content Type\application/x-dsfile
SOFTWARE\Grand Media
Software\Microsoft\Windows\CurrentVersion\Run\Download Studio
SOFTWARE\RegisteredApplications\Download Studio
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
{636FDC4D-DDA7-48CA-AEFF-D3CC57A43A7E}_is1

Directories

PUP.DownloadStudio may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Download Studio
%LOCALAPPDATA%\Grand Media
%PROGRAMFILES%\Download Studio
%PROGRAMFILES(x86)%\Download Studio

Analysis Report

General information

Family Name: PUP.DownloadStudio
Signature status: Root Not Trusted

Known Samples

MD5: fc05d8e0861c6dfac420b0f43078ae10
SHA1: 2e47095f9ab350301f47c30e794771d435630585
File Size: 2.22 MB, 2220976 bytes
MD5: a5493f365397a6e51fd4d1a3cf31403c
SHA1: 1870d4a4859dd205511114f31cb9c1719473d0cb
SHA256: 4F214AC442A92DC247D8D881C2DA32A12A9657AE2CD4B07843F2A8037263897C
File Size: 2.22 MB, 2224072 bytes
MD5: 05b138e96f7a8d2016799d490235d5ee
SHA1: b3f1c8f4289ee5b5a4bf59ceef77cc8f1ce08550
SHA256: 3C6A2115CC72B9637395A56FD15640EA713A7162D98CFE60C6A7EBF02218DA3B
File Size: 8.14 MB, 8142794 bytes
MD5: 9525cfcc52b8934127be32cd1ee7c2e1
SHA1: 5b81f9b12c3224c64a7f8be0d2a690599a9985d9
SHA256: 3D92699EFA8A45601AE59F0072315EFB8F3397E7CA5826253790814196EB83DA
File Size: 4.92 MB, 4915164 bytes
MD5: d9da69f635f479c6290998c0f49d6306
SHA1: b3474252c58e9fdfe0f0d9580065952ae3f72e8a
SHA256: 9E59E0D7AAE919E83767392A85BFCBDEDA9FA83B89E11116831254EFA760989F
File Size: 868.30 KB, 868298 bytes
Show More
MD5: d11b545e22f91ff86fd33339909ddff0
SHA1: 7017a6b272a7fe8e38c882ded53ffa4b1c7f7b86
SHA256: 375EA9F1F20E2300DD3B0C1297E12FF58D98EEE1498E730172C2845EDD77CF87
File Size: 542.98 KB, 542976 bytes
MD5: e267488a667723f6357520688f94546b
SHA1: 254a7f30c4f30f5b4ce947cfa682f07ad7ee1abd
SHA256: DA1D61F353BB58FE7390B18C2D7F2FF7D4EDD1BB6D0C1F3D333F554273ED6017
File Size: 615.58 KB, 615584 bytes
MD5: 9c7c53fdc96209accebd4f3ed13d2996
SHA1: f1ff67d82bae178f7ee1e2f8218e0d32d52c95c9
SHA256: D31FD1087C8AC65462B011BED64BFCA05B1412584A540A33914AF17CDD24AA5D
File Size: 835.49 KB, 835494 bytes
MD5: f1a4ddd106d2e4e5b66e187a32ddd77d
SHA1: a0902cdd0436b185e244e9fa014d9aecd94bf809
SHA256: 361770C6C3508EC384BA5098C825A983EEA349D2E01FC4011D84BED11475CE8A
File Size: 736.97 KB, 736969 bytes
MD5: 273402816948fd501d60d15ae6ec5b79
SHA1: fb4d41bfb2647326b112072c5ddde0b8fe184bdc
SHA256: E410C1D5E4BAAB59B0B8546F5D6E263A5E00F9F8AC6335E61F0ACF105B715196
File Size: 2.21 MB, 2211200 bytes
MD5: 6b1533f844775ac59b040ff05e709939
SHA1: 6b2dcf33113aae6c99d29f6378cec598536dfd47
SHA256: D0E3EE2A0C4A515D0485DBF52382ED80B43340FADC1862B8381CEB2692DA1DE9
File Size: 573.42 KB, 573422 bytes
MD5: 8628b6788e299f2699af944acbb272cf
SHA1: e481bd7b423ec34d2cb2dbb1c1863f94f1b3f116
SHA256: 6D6EC8956F9B03BB26AD35727914E1FA6AD211FAE14527F47B5E9F5455779ACE
File Size: 6.29 MB, 6291456 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Build
  • 191
  • 204
  • 205
  • 207
  • 212
Comments This installation was built with Inno Setup.
Company Name
  • Download Studio Project
  • Download Studio Software
File Description
  • Download Studio Setup
  • Download Studio Setup
File Version
  • 1.22.0.0+212
  • 1.22.0.0+207
  • 1.22.0.0+205
  • 1.22.0.0+204
  • 1.21.0.0+191
  • 1.17.0.0
  • 1.16.1.2
  • 1.16.1.1
  • 1.15.0.3
Internal Name DS-Setup.exe
Legal Copyright
  • 2021 (c) Download Studio Project
  • 2021 (c) Download Studio Software
  • 2025 (c) Download Studio Project
Original Filename DS-Setup.exe
Product Name
  • Download Studio
  • Download Studio
  • Download Studio Setup
  • DS
Product Version
  • 1.22.0.0
  • 1.21.0.0
  • 1.17.0.0
  • 1.16.1.2
  • 1.16.1.1
  • 1.15.0.3

Digital Signatures

Signer Root Status
CHESTER HOUSE FREEHOLD LIMITED Sectigo Public Code Signing Root R46 Root Not Trusted
Kabelsmeden ApS USERTrust RSA Certification Authority Root Not Trusted
NowusGroup ApS USERTrust RSA Certification Authority Root Not Trusted

File Traits

  • Installer Manifest
  • Installer Version
  • nosig nsis
  • Nullsoft Installer
  • x64

Files Modified

File Attributes
c:\users\user\appdata\local\temp\is-3bevm.tmp\2e47095f9ab350301f47c30e794771d435630585_0002220976.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-efqpf.tmp\fb4d41bfb2647326b112072c5ddde0b8fe184bdc_0002211200.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fu2rk.tmp\1870d4a4859dd205511114f31cb9c1719473d0cb_0002224072.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-hq9l7.tmp\_isetup\_iscrypt.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-hq9l7.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-hq9l7.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-si46u.tmp\_isetup\_iscrypt.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-si46u.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-si46u.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-smjru.tmp\_isetup\_iscrypt.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\users\user\appdata\local\temp\is-smjru.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-smjru.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\nsjson.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb3d2a.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj8fd6.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd6.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd6.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd6.tmp\nsjson.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd6.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd6.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj8fd6.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl3d29.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Network Winhttp
  • WinHttpOpen
Syscall Use
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
Show More
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetAtomName
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserMessageCall
  • win32u.dll!NtUserRegisterClassExWOW
  • win32u.dll!NtUserRemoveProp
  • win32u.dll!NtUserSetWindowLongPtr
  • win32u.dll!NtUserUnregisterClass
Anti Debug
  • IsDebuggerPresent
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Hbkpaccz\AppData\Local\Temp\is-3BEVM.tmp\2e47095f9ab350301f47c30e794771d435630585_0002220976.tmp" /SL5="$20250,1322416,902656,c:\users\user\downloads\2e47095f9ab350301f47c30e794771d435630585_0002220976.exe"
"C:\Users\Qvpgrzjm\AppData\Local\Temp\is-FU2RK.tmp\1870d4a4859dd205511114f31cb9c1719473d0cb_0002224072.tmp" /SL5="$10252,1333810,894464,c:\users\user\downloads\1870d4a4859dd205511114f31cb9c1719473d0cb_0002224072"
"C:\Users\Enxlmgoa\AppData\Local\Temp\is-EFQPF.tmp\fb4d41bfb2647326b112072c5ddde0b8fe184bdc_0002211200.tmp" /SL5="$6033A,1314224,894464,c:\users\user\downloads\fb4d41bfb2647326b112072c5ddde0b8fe184bdc_0002211200"

Trending

Most Viewed

Loading...