PUP.EmptyBuilder

Analysis Report

General information

Family Name: PUP.EmptyBuilder
Signature status: No Signature

Known Samples

MD5: fdb5546e96bd4c3b0d3653fa08571aa3
SHA1: 501e0ad542d582320dfb43e6fee693d53aa17ee8
SHA256: FE12E61102A378263BCF1D1CAECD0F26015EF76CB1745E402C84EF961926B81D
File Size: 7.13 MB, 7129600 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Babylon
File Description: Install.exe
File Version: 7.0.4
Internal Name: Install.exe
Legal Copyright: Copyright © Babylon
Original Filename: Install.exe
Product Name: Install.exe
Product Version: 7.0.4

File Traits

  • No Version Info
  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7_cd7883.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\bab_hlp_static.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babca.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babyfox.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon.chm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_chinese_s__english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_chinese_t__english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_dutch_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_chinese_s__sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_chinese_t__sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_dutch_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_french_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_german_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_hebrew_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_italian_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_japanese_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_korean_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_portuguese_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_russian_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_spanish_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_english_swedish_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_french_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_german_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_hebrew_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_hebrew_thesaurus_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_italian_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_japanese_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_portuguese_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_russian_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylon_spanish_english_sub.bgl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babyloniepi.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylonofficepi.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babylonrpi.api Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\babyservices.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\bcontentserver.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\bexception.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\captlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\convert.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\csconfig.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\eula.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\features.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\filenames.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babylon7setup\metaphone.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\babyloninstall.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\unzip.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\babylon7.5.4\unzip.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\bae570~1.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\bae570~1.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\bae570~1.exe_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\install.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\install.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\install.exe_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\tmp4351$.tmp Generic Write,Read Attributes,Delete

Registry Modifications

Key::Value: HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0
Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Hxjtoebe\AppData\Local\Temp\IXP000.TMP\"
API Name: RegNtPreCreateKey

Key::Value: HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe
Data: (binary value, not rendered as text)
API Name: RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

C:\Users\Hxjtoebe\AppData\Local\Temp\IXP000.TMP\BAE570~1.EXE
C:\Users\Hxjtoebe\AppData\Local\Temp\Babylon7.5.4\BabylonInstall.exe
C:\Users\Hxjtoebe\AppData\Local\Temp\IXP000.TMP\Install.exe
unzip.cmd
WriteConsole:
WriteConsole: C:\Users\Hxjtoeb
WriteConsole: unzip.exe
WriteConsole: -qq -o Babylon7
WriteConsole:
C:\Users\Hxjtoebe\AppData\Local\Temp\Babylon7.5.4\unzip.exe unzip.exe -qq -o Babylon7_CD7883.exe -d babylon7setup