PUP.Fusion.C
Analysis Report
General information
| Family Name: | PUP.Fusion.C |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Comments | |
| Company Name | |
| File Description | |
| File Version | |
| Legal Copyright | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| Ellora Assets Corp | GlobalSign CodeSigning CA - SHA256 - G3 | Self Signed |
| RealNetworks, Inc. | thawte SHA256 Code Signing CA | Self Signed |
File Traits
- dll
- HighEntropy
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\detect64.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\detect64.exe | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\experimentalscene.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\experimentalscene.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\is-ukotn.tmp\b08f0f259aa577ea518ecc2d19e39d10348f18ed_0001930408.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse123.tmp\advsplash.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse123.tmp\fusion.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse123.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse123.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nse123.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nse123.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nspc5.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\setup log 2025-09-14 #001.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Process Manipulation Evasion | |
| Process Shell Execute | |
| Syscall Use | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- "C:\Users\Ydzxllvk\AppData\Local\Temp\Detect64.exe"
- "C:\Users\Roitmfhm\AppData\Local\Temp\is-UKOTN.tmp\b08f0f259aa577ea518ecc2d19e39d10348f18ed_0001930408.tmp" /SL5="$10278,1438622,399872,c:\users\user\downloads\b08f0f259aa577ea518ecc2d19e39d10348f18ed_0001930408"
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a9ec7b950ffeb0a174cd886a5429f2fb8be9d888_0000938680.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d5110e9385800a189c3e14437a7154d3195ec5b0_0001017856.,LiQMAxHB