PUP.GreenBug.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.GreenBug.A
Signature status:	No Signature

Known Samples

MD5: d26498c5ebdc09dff9f64b94356c7a98

SHA1: 46688ebe7b2b3e911e2862c7c334367e4f6b98e2

File Size: 78.06 KB, 78062 bytes

MD5: 3dbe3ba024bbbaec7e13c16a812c46b2

SHA1: 06b3059ec9934523576c1b436f12d3cb1be3ecd0

File Size: 70.17 KB, 70165 bytes

MD5: 74bb517c1c21f1dda25a21205b582a86

SHA1: e42d0337db53b1864838e53fb0529cbe6c0b300a

SHA256: DD3AAB7DF467D565BD3138ED736661ADCC16B95BEBE7528B54F898998A3CB219

File Size: 61.73 KB, 61734 bytes

MD5: 7039c3baff566a63d2ab072dbe43f4b8

SHA1: 4821da60d798b7f57609a3d113049c1cf5732af3

SHA256: 67B32A4908FD019BC0587F545A59E90E7D450CEA075C5F8EEE04E0BDA20F94E2

File Size: 127.14 KB, 127142 bytes

MD5: 62f5ca4a2c47378cb6e24934407cac25

SHA1: 7bcfec2b4a3acf3b64b4a9d56f1c30e815fce498

SHA256: CA5D950F40722026B01A8A0499CCF0CAAD28319A6A862852E33133B43EB9B5AF

File Size: 61.77 KB, 61774 bytes

MD5: f01ab737f005a921fd44f85d467ed8ab

SHA1: 93217a654088c2598c248395911af086e680b779

SHA256: 331BD4BD0625F1C8BCBA3AFEB27156DBD6E73B635E5F0AA2A5711097AF3BB7F6

File Size: 61.88 KB, 61881 bytes

MD5: f860db3f2611dac36609670c8cdb6a21

SHA1: 02b204deac017bd45480c12da1537311f93a360b

SHA256: A0ACA6FE1E6C424DF76D423FC4D505790ADF4D0DF81AFDE6725F19B93C0520CB

File Size: 70.15 KB, 70147 bytes

MD5: 77e4d930df257331a5939ca5d5ece20d

SHA1: 668ef96aa7d2369eb1073fc9c7d716b882d5e443

SHA256: 344C9449E8F8D5BFE8F621432B6024B092727BCD5240A5C71ADADB9F8ECADBF4

File Size: 90.29 KB, 90286 bytes

MD5: 49d2613d9b0b8b095252c79cb56ae5ea

SHA1: a8ee18cab0a2f1872972c15b9e89cdf6c4e8e3cd

SHA256: 589226CFDD54882D234CC2D0A88BAF02571963BCDC48EAC8EEAAB27D86449783

File Size: 61.94 KB, 61942 bytes

MD5: b6003c1cf1bcc87e452953718812c384

SHA1: 9522d73bb74a8e268ded2375854f89f5ed5a5fbe

SHA256: D2A012BE8717229FED9706CDD34BC163C23E54DE412D5C8ABDF8BAAC781086FF

File Size: 139.47 KB, 139470 bytes

MD5: e30ca2aff6ba88f7afb3854b0cf632e2

SHA1: bed898e0910ff8cb7b41daabbc92ba6d3874f5b3

SHA256: E8C3B432F24DFC343440C42244F297769B242FD9C29A173366F971ABDDCDFE84

File Size: 1.05 MB, 1049568 bytes

MD5: 3511329d59a418840bd9efa2b65f5e96

SHA1: 18bdeca7c104a415efbf407b364b5dd70515a896

SHA256: F45053B72C6FCBDAD22A40CD68D62A6FC2BE9E86CA175B0FF6798A7128CA69B6

File Size: 2.02 MB, 2022952 bytes

MD5: 1380ba685f76409e3aeafe012d504d7d

SHA1: 8b935d5b57870ab8dd2f1135aef55f311b5771fd

SHA256: F7CA9C1D4FB6C3D83C009D935288BB5B50AEB4E2A4CA9FF5867C94E2C2A95278

File Size: 69.79 KB, 69788 bytes

MD5: 0d203e5f7e36cc9c83e1a216485bf8f5

SHA1: 8f32a2b1218828cd3e3d5f03e6ed9517c4b11199

SHA256: 8E888CC281DBDDE758DC9D613C61E3F2B7630EF9DA316CC7F7A8E4A2E2CD0C19

File Size: 65.69 KB, 65693 bytes

MD5: 7359db8f1a2c1bca7607cfa8a59a779a

SHA1: f25ec6fca8791c1bf841309c2898b67bc85e3a6a

SHA256: 232F18B70679C3C3741AF2B9934C1C73857BF8EBD98310F51CF326C070D6766F

File Size: 78.01 KB, 78006 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup.
Company Name	CrackingCity.com Doctor Computers (18)99761-2065 Freedom software, Verity Freedom Microsoft Muhammad Usman State Zero
File Description	For our and your freedom GTA Tools Setup IDM 6.xx Patcher Microsoft Office Nascar Racer 2000 Ordem de Servicos
File Version	4.1.0.0 2.3.1.25 1.4.0.0 1.0.0.0
Legal Copyright	Completely free to use and distribute Copyright Info Copyright © 2022 State Zero. CrackingCity.com, 2020 - 2025 Doctor Pc 100 Birigui /Sp www.nicegamefree.blogspot.com
Product Name	GTA Tools IDM 6.xx Patcher Microsoft Office Play Nascar Sistema de Os Tor Portable
Product Version	4.1.0.0 2.3.1.25 1.4.0.0 1.0.0.0 1.0

Digital Signatures

Signer	Root	Status
State Zero	State Zero	Self Signed

File Traits

big overlay
Installer Manifest
No Version Info
x86

Block Information

Total Blocks:	165
Potentially Malicious Blocks:	3
Whitelisted Blocks:	162
Unknown Blocks:	0

Visual Map

0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\afolder\7za.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\afolder\batclen.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\afolder\nsudolc.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\i6.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\i6.f	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\i6.t	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-oj3r6.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vbj5e.tmp\18bdeca7c104a415efbf407b364b5dd70515a896_0002022952.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is64.bat	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\is64.fil	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is64.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wtmpd\t23284.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wtmpd\t23284.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t15006ers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t15006ers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t15214ers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t15214ers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t20707ers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t20707ers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t30209ers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t30209ers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t8171sers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t8171sers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t8607sers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t8607sers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t9915sers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\t9915sers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\t21954ers\user\downloads\.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\t21954ers\user\downloads\.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\t5175.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\t5175.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\t9775.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\t9775.exe	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	ȁ龡^紘Ç獖}⦘·좟Ê	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	輂ⷺǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	݇达膷ǜ	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001	Windows Network Diagnostics	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	谔ꛬ숭ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal 63 additional items are not displayed above.
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection
Keyboard Access	GetKeyState

Shell Command Execution


							open C:\Users\Orrmfweh\AppData\Local\Temp\ztmp\t5175.bat "c:\users\user\downloads\46688ebe7b2b3e911e2862c7c334367e4f6b98e2_0000078062.exe"


							WriteConsole: 'IsAdmin' is not


							WriteConsole: The system canno


							open C:\Users\Fdiiqgls\AppData\Local\Temp\ztmp\t9775.bat "c:\users\user\downloads\06b3059ec9934523576c1b436f12d3cb1be3ecd0_0000070165.exe"


							C:\WINDOWS\system32\fsutil.exe fsutil  dirty query C:


									\sega_rally_2\HELP\start.htm \sega_rally_2\HELP\start.htm


									open C:\Users\Qcjrczul\AppData\Local\Temp\is64.bat


									open C:\Users\Mdxpkfyq\AppData\Local\Temp\is64.bat


									open C:\Users\Droruckk\AppData\Local\Temp\i6.bat


									"C:\Users\Ctqyaxtr\AppData\Local\Temp\is-VBJ5E.tmp\18bdeca7c104a415efbf407b364b5dd70515a896_0002022952.tmp" /SL5="$40382,1164460,980992,c:\users\user\downloads\18bdeca7c104a415efbf407b364b5dd70515a896_0002022952"


									open C:\Users\Fyoqnqvy\AppData\Local\Temp\is64.bat

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.GreenBug.A

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Silverhost.vg

Giant Coupons Official Extension

Chainbridgeworks.co.in

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen