Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.HipgnosisBrains.A

PUP.HipgnosisBrains.A

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.HipgnosisBrains.A
Signature status: No Signature

Known Samples

MD5: 4f65e2e92659734027d79c5e6eb008d3
SHA1: c026ef5378f3190fcb87cef1d5bfa281381db4b5
SHA256: AD36009B827D1D7E0844B5B1F7B95D9AFBCE61A54AA07BED0506FE4137C84096
File Size: 2.40 MB, 2400640 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name FeyTools LLC
File Description FeyWriter
File Version 3.9.0.0
Legal Copyright � FeyTools LLC
Product Name FeyWriter

File Traits

  • .NET
  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb55f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswb56f.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswb56f.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswb56f.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nswb56f.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswb56f.tmp\setup.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswb56f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswb56f.tmp\temp.txt Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • ReadProcessMemory
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption

Trending

Most Viewed

Loading...