PUP.Fusion.CA

Analysis Report

General information

Family Name: PUP.Fusion.CA
Signature status: Self Signed

Known Samples

MD5: 21f18d818834328e0ba1ea556385f609
SHA1: d9f941f4995316c4df1279b1c45294ff89cee393
File Size: 7.82 MB, 7815232 bytes
MD5: b7e436d249a9ca53701a7bfe7b0105a7
SHA1: e2b3da8b2fbc80c8250f367544488af0ee0f9103
SHA256: C2E3A34CA6451327187332AD50191C90BDC0B9654C9C19A0ACE6FB7E581E372C
File Size: 181.33 KB, 181328 bytes
MD5: 816e7812c6157896736c3e4724ebc747
SHA1: 0a8a2ef7676ece03eec1d6a64f62ef1a62c87d8c
SHA256: 11136A76F19A3704A791CC0A314DF0A6C2D6718D6DCCB796EA7374C7D4DA3053
File Size: 9.88 MB, 9875152 bytes
MD5: 4c911f748f3db62b65bfa9184920cc48
SHA1: 97aec668ffe74c0cd3b1f4f814b1b429506c4124
SHA256: 32B4D8573E266992CDFA8BD8750A184011FEECA6BA3B3FE765BE9EE9411767F7
File Size: 1.25 MB, 1247296 bytes
MD5: 9522f82628f5f111536c7499548812d1
SHA1: e493e13717df2fc0dba8a1857e88da7e3d7acda0
SHA256: FA949AA3A4C4AB1A1633AF62B348070E3F1CF8C11C30A23423A004726FFC5080
File Size: 9.35 MB, 9350344 bytes
MD5: 649331ca1070065605e2f188f50c4f37
SHA1: 6a4161084765e75508c01edb034c7d3f24c7feb3
SHA256: 6CB6339840F23F5D19D6108D7BA55408884890D6E89822C1B75C20642795BCEE
File Size: 7.45 MB, 7449368 bytes
MD5: e34123c4cdbf6aa06216b08a3c1050fc
SHA1: 362a5dc6737d3fdce0ca0c3591e75467e0f823cc
SHA256: 5F71875B2AF2BA41D15FE65C9A5D866FC937DAE358EB273724522A28D55773AD
File Size: 8.87 MB, 8872768 bytes
MD5: dfcd71076ed714e27faf0fd18d5bdc39
SHA1: ec93eb412f442a2ec9dd650f0924a864fe83290d
SHA256: 9D89FD0D4926C359298B518B28D9EDDC4B6193FA930C33A5EEFFF18FDE1C5037
File Size: 8.87 MB, 8872728 bytes
MD5: d24053fee9dd954ff0dbb00482f3a7a2
SHA1: 01fd442a6a4dc5a2be1611f6448ae15dd547f4fb
SHA256: C2A49D2BAE58E0054CD4B72067B0FB6C1878573D6AD585411134AC919EB05E9E
File Size: 9.50 MB, 9502584 bytes
MD5: 94f3a24921e9d6ed32f0f9750b18f862
SHA1: 57e3ed19a640b9b3f76d8e293b602b729ad33027
SHA256: BADA0EE243477753D74184ADF881DB3F942AE6CF744ACDB802CE35FD7BF19A1E
File Size: 3.09 MB, 3088702 bytes
MD5: acd9e2757f243f4f8c6eaa71788de635
SHA1: 950275323caa631062580ef48164b70f2d67ca51
SHA256: 4D2DBE0428B62934F42180CAFE575AA8DB1F164FC73C3B085EDF9F36A9000E2E
File Size: 5.16 MB, 5157682 bytes
MD5: 15cdb832e51f3d3fd6ad6ed557741e47
SHA1: b680144b2e68d4846d4ba991e18fa2a1b9a19f56
SHA256: C007F89EEC6F226F32D27246C5189DE465985B6E60899A3B07D78D667387B1AF
File Size: 1.74 MB, 1743120 bytes
MD5: d825e217316bfef3a62ddfd34198af96
SHA1: 9a5e8be00319f4d7e4276a171d56ffa895a26fb3
SHA256: 6904401EA854D0767BDDA8895000E1BA1CD6A461201ABFC2129920D4CF527F4C
File Size: 809.62 KB, 809624 bytes
MD5: 9f79ba3d79e64ebc44bf6a08f6d335db
SHA1: da1f8f1ad487841c4cee5b8a38528dfc25b7fcf8
SHA256: BB358EF3FB38E5A29F30B82B6307AC2D61CD6C9C15BCDB0FAD54CDEC3CD1380A
File Size: 9.44 MB, 9439768 bytes
MD5: bae713703774d63cba44d3b7b2e5c559
SHA1: f0a73fc1080f88b62181cbcda5db07e918789a76
SHA256: 3E1CA6C8B081BF990FD88D5E0E41E01A8F20DC185418E0FD2FFA9BF173D51829
File Size: 5.96 MB, 5960240 bytes
MD5: 045ca3e4d3651490281d3d6b8ad93afa
SHA1: 3d443367e65da504cf848a3e4bc53ada7f63f9ef
SHA256: 6F151E5E1DB98B7254D2FFAEDFE85622562D323640E78E24EECAA69818D40216
File Size: 7.94 MB, 7943536 bytes
MD5: b24aa2ffd0ab58354f136868f23f8fa0
SHA1: a6f2e698f879dc5a2ac2c92914965bd915ed5411
SHA256: AB4614068301C290E434EA83C5896A0956023C2A802099E7361E6678F3D7D500
File Size: 1.74 MB, 1742744 bytes
MD5: b1165aee310913c7afaffa2e210b4da0
SHA1: 8f3ff08298ed5b9c8062de47e6498dbc60ad06df
SHA256: 963CB6CBE0D9CB4E9F4CEFB906F8D68C206E57EE6C8FB33AE1D4AE117C81245C
File Size: 3.91 MB, 3908468 bytes
MD5: 87c0d8851613624861423bf317936048
SHA1: 3c165de270a4fed8d8dbdcf1a98ccdfa20d8fb51
SHA256: 2C14AD2C59B7F76AA578FF04E22CEA7A1B70A15D880ABF26344F96CB29FA809B
File Size: 1.74 MB, 1743104 bytes
MD5: 9485db7a0ccf5c3a9e256085cdf4947c
SHA1: 19d5fe10cc7c92c8da9eed4c72f4c953599baa59
SHA256: CC516ED7764864DDACC212338583652039940CE771DBC9DD76CE86CA59711D15
File Size: 9.47 MB, 9465816 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • http://www.resize-c.com?resizer
  • StrimSoftware includes a set of programs for information interchange with the microprocessor systems developed by Strim Ltd. Installation created with NSIS. Made in Belarus.
Company Name
  • Comodo
  • Dreamsecurity Co., Ltd.
  • Glarysoft Ltd
  • IM-Magic Inc.
  • Logitech Europe S.A.
  • Strim Ltd.
File Description
  • Comodo Dragon
  • Glary Disk Cleaner Installer
  • Glary Tracks Eraser Installer
  • GPKISecureWebNP
  • IM-Magic Partition Resizer Professional
  • LogiFEInstaller Installer
  • Quick Startup Installer
  • Strim Software Installation
File Version
  • 2015
  • 134.0.6998.179
  • 57.0.2987.93
  • 45.8.12.389
  • 2.5.1.2146
  • 1.2.289.0
  • 1.1.2.6
  • 1.1.2.4
Legal Copyright
  • Copyright (c) 2003 - 2020 Glarysoft Ltd
  • Copyright (c) 2003 - 2021 Glarysoft Ltd
  • Copyright (c) 2009-2015, Comodo Security Solutions, Inc.
  • Copyright (c) 2009-2017, Comodo Security Solutions, Inc.
  • Copyright (c) 2009-2025, Comodo Security Solutions, Inc.
  • Copyright (C) 2013-2015 IM-Magic.
  • Copyright (C) Ministry of Public Administration and Security. All rights reserved.
  • Copyright 2016
  • © Strim Ltd. All rights reserved.
Legal Trademarks IM-Magic
Original Filename StrimSetup.exe
Product Name
  • Comodo Dragon
  • Glary Disk Cleaner
  • Glary Tracks Eraser
  • GPKISecureWebNP
  • LogiFEInstaller
  • Partition Resizer Professional
  • Quick Startup
  • Strim Software
Product Version
  • 2015
  • 134.0.6998.179
  • 57.0.2987.93
  • 45.8.12.389
  • 5.20.1.160
  • 5.0.1.237
  • 5.0.1.222
  • 5.0.1.201
  • 5.0.1.200
  • 1.2.289.0

Digital Signatures

Signer Root Status
Comodo Security Solutions COMODO RSA Certification Authority Root Not Trusted
Comodo Security Solutions, Inc COMODO RSA Extended Validation Code Signing CA Self Signed
Glarysoft LTD DigiCert Assured ID Code Signing CA-1 Self Signed
Logitech Inc DigiCert EV Code Signing CA (SHA2) Self Signed
Glarysoft LTD DigiCert SHA2 Assured ID Code Signing CA Self Signed
Sigma Resources & Technologies, Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
POLL EVERYWHERE, INC. Go Daddy Root Certificate Authority - G2 Root Not Trusted
Comodo Security Solutions Inc Sectigo Public Code Signing Root R46 Root Not Trusted
Comodo Security Solutions, Inc. UTN-USERFirst-Object Root Not Trusted
Nicetex Limited VeriSign Class 3 Code Signing 2010 CA Self Signed
Dreamsecurity Co., Ltd. thawte SHA256 Code Signing CA Self Signed

File Traits

  • 7-zip (In Overlay)
  • 7-zip SFX
  • dll
  • Installer Manifest
  • nosig nsis
  • Nullsoft Installer
  • packed
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\pollev_xp_util.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\logifeinstallerforlync2013v1.2.289\logifeplugininstaller.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\logifeinstallerforlync2013v1.2.289\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\logifeinstallerforlync2013v1.2.289\setup.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\advsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsba4d7.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\logo.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\nsprocess.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\setup.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsba4d7.tmp\setup.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba4d7.tmp\warning.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsba4d7.tmp\warning.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbd5b.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbd5b.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbd5b.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsbbd5b.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbd5b.tmp\quickstartup.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc63ec.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdaa07.tmp\killprocdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdaa07.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdaa07.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdaa07.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6624.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\bottom.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\content.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\installhelperplugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\nsis_skincrafter_plugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\rbskin.skf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\skincrafter.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\skinnsis.skf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\uninstall.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse6ff2.tmp\uninstallfeedbackpage.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nse6ff2.tmp\uninstallfeedbackpage.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\bottom.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\content.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\installhelperplugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\nsis_skincrafter_plugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\rbskin.skf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\skincrafter.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\skinnsis.skf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\uninstall.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4bbb.tmp\uninstallfeedbackpage.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsf4bbb.tmp\uninstallfeedbackpage.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7969.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7969.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7969.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf7969.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7969.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7969.tmp\trackseraser.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7a.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7a.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7a.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbd7a.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh3c21.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsha852.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsifab8.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsifab8.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\bottom.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\content.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\installhelperplugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\nsis_skincrafter_plugin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\rbskin.skf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\skincrafter.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\skinnsis.skf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\uninstall.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl6757.tmp\uninstallfeedbackpage.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsl6757.tmp\uninstallfeedbackpage.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcfd.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm4320.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsm4320.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm4320.tmp\version.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsna824.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna824.tmp\nsprocess.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsnbc9d.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsnbc9d.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsnbc9d.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsnbc9d.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsnbc9d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsnbc9d.tmp\trackseraser.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso5546.tmp\diskcleaner.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso5546.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso5546.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso5546.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nso5546.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso5546.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsx3c32.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx3c32.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsx3c32.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx3c32.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx3c32.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx51e9.tmp\diskcleaner.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx51e9.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx51e9.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx51e9.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsx51e9.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx51e9.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsy6982.tmp\killprocdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy6982.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy6982.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy6982.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz4841.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz4841.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz4841.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uninstallfeedbackpagelayout.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\mfc71.dll Generic Write,Read Attributes
c:\windows\syswow64\msvcr71.dll Generic Write,Read Attributes
c:\windows\temp\comodo logsfolder\generate_dragon_uninstaller.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Uwrkzkql\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Uwrkzkql\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Uwrkzkql\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\jet\4.0\engines\jet 4.0::maxbuffersize RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Rcoqvqgn\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Rcoqvqgn\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Rcoqvqgn\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xlfdqrpg\AppData\Local\Temp\nsm4320.tmp\ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xvvnrbbd\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xvvnrbbd\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Xvvnrbbd\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zones\2::1406 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zones\2::1607 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zones\2::currentlevel RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zones\3::1406 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zones\3::1607 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zones\3::currentlevel RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\zones\2::1406 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\zones\2::1607 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\zones\2::currentlevel RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\zones\3::1406 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\zones\3::1607 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\internet settings\zones\3::currentlevel RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 苑ꬅ憔ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ㉔곛憔ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 㒹䑔鰇ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ⾟䙶鰇ǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
  • ZwMapViewOfSection
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Network Winsock2
  • WSAStartup
Service Control
  • OpenSCManager
  • OpenService
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\Users\Uwrkzkql\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
"C:\Users\Rcoqvqgn\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
"C:\Users\Xlfdqrpg\AppData\Local\Temp\LogiFEInstallerforLync2013v1.2.289\setup.exe"
open LogiFEpluginInstaller.exe
"C:\Users\Xvvnrbbd\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
netsh advfirewall firewall delete rule name="GPKISecureWebNP" program="C:\Program Files (x86)\GPKISecureWebNP\GPKISecureWebNP.exe"
netsh advfirewall firewall add rule name="GPKISecureWebNP" dir=in action=allow program="C:\Program Files (x86)\GPKISecureWebNP\GPKISecureWebNP.exe" enable=yes