PUP.HostsEditor

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.HostsEditor
Signature status:	No Signature

Known Samples

MD5: 8bb7d71be7bec683d52d3db9ab1caf31

SHA1: f1bb487967ef34e6519fd034c0aa8517330b6d69

SHA256: 66988282B902ABBCD965880F6CAF9719BF413950FB3CC93553915456BBA0F0A9

File Size: 1.25 MB, 1248289 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

big overlay
WriteProcessMemory
x64

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926265	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\hostseditor.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\hostseditor.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup_x64.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup_x64.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup_x86.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup_x86.exe	Synchronize,Write Attributes

c:\users\user\appdata\local\temp\rarsfx0\versioninfo.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\versioninfo.txt	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Keyboard Access	GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx

Shell Command Execution


							(NULL) C:\Users\Bqdamvdw\AppData\Local\Temp\RarSFX0\HostsEditor.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.HostsEditor

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Kryptik.BKB

Uckery.com

Maps-N-Directions

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen