PUP.InstallMonetizer

Threat Scorecard

Popularity Rank: 2,051
Threat Level: 10 % (Normal)
Infected Computers: 5,859
First Seen: August 8, 2013
Last Seen: February 1, 2026
OS(es) Affected: Windows

File System Details

PUP.InstallMonetizer may create the following file(s):
# File Name MD5 Detections
1. Vconverto_6939.exe f5f4ccd5ad669ce17659126218921b9e 0

Analysis Report

General information

Family Name: PUP.InstallMonetizer
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • AllFreeVideoSoft Co., Ltd.
  • Appnimi, Inc.
  • Auslogics Labs Pty Ltd
  • Boost Software Inc.
  • GTA PlayStore
  • MetaProducts Corporation
  • T-App Ltd.
  • VisionLot Co., Ltd.
File Description
  • Auslogics File Recovery Installation File
  • GTA V PlayStore
  • MetaProducts DeskTool
  • PC HealthBoost is a Boost Software Inc. product
  • PickMeApp Deployment Tool
  • Screen Recorder Free Setup
  • Setup/Uninstall
  • ZIP password recovery and unlocking tool
File Version
  • 51.1052.0.0
  • 4.3.0.0
  • 3.3.0.208
  • 2.2.8
  • 2.2.3
  • 2.2
  • 2.1
  • 1.00
  • 0.7.5.0
Internal Name TJprojMain
Legal Copyright
  • (C) 1997-2008 MetaProducts Corporation
  • Boost Software Inc.™
  • Copyright c 2013 T-App Ltd. All right reserved.
  • Copyright © 2008-2013 Auslogics Labs Pty Ltd
  • Copyright © 2011 Appnimi Inc, All rights reserved
  • GTA PlayStore
Original Filename TJprojMain.exe
Product Name
  • $(^Name}
  • All Free DVD Ripper
  • Auslogics File Recovery
  • DeskTool
  • GTA V PlayStore v2.2
  • PC HealthBoost
  • PickMeApp
  • Project1
  • Screen Recorder Free
Product Version
  • 4.3.0.0
  • 2.1
  • 2
  • 1.00

Digital Signatures

Signer Root Status
Franz Josef Wechselberger Franz Josef Wechselberger Self Signed
M417 LTD. StartCom Certification Authority Root Not Trusted
Beijing Tsingsoft Creative Information Technology Co., Ltd. USERTrust RSA Certification Authority Root Not Trusted
MetaProducts Corporation UTN-USERFirst-Object Self Signed
T-APP LTD UTN-USERFirst-Object Hash Mismatch
Boost Software Inc VeriSign Class 3 Code Signing 2010 CA Self Signed

Block Information

Similar Families

  • Emotet.CCA
  • Emotet.CDD
  • Injector.AK
  • Rugmi.IA
  • Sheloader.A
  • Sheloader.C

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\pchealthboost\pc-healthboost-setup.exe Synchronize,Write Data
c:\programdata\pchealthboost\pc-healthboost-setup.exe.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\pchealthboost\pchealthboost-setup.exe Synchronize,Write Data
c:\programdata\pchealthboost\pchealthboost-setup.exe.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\bitool.xxx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-g3tt4.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-g3tt4.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-g3tt4.tmp\ausuninst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-g3tt4.tmp\setup-bottomright.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gjrgn.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-gjrgn.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gjrgn.tmp\rk_setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ilsgr.tmp\76ea1b6bd2c5c4fff3f768f13ba5eafc6144692c_0005107648.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lasrk.tmp\1b19d54d4424cf8fe81555b74933762a0948635d_0003088816.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-nuhf8.tmp\setup.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lm32.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb5bed.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb5bed.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb5bed.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nscec0a.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nscec0a.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nscec0a.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nscec0a.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nscec0a.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf962b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj2003.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslf897.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsp58a1.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp58a1.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp58a1.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp58a1.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp58a1.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb3fe.tmp\crccheck.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb3fe.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb3fe.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb3fe.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb3fe.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqf8a7.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr4391.tmp\btmimg.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr4391.tmp\finish.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr4391.tmp\header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr4391.tmp\leftimg.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr4391.tmp\nsisarray.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr4391.tmp\startmenu.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsr4391.tmp\startmenu.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu963b.tmp\crccheck.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu963b.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu963b.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu963b.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu963b.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6a63.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6a63.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsx6a63.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6a63.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\banner.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\findprocdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\math.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\md5dll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy5620.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb3ed.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\75ca58072b9926f763a91f0cc2798706_645bc4a49dcdc40fe5917fa45c6d4517 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\83d863f495e7d991917b3abb3e1eb382_4d9c2c5e642faf6fa3b8098ab3241ef2 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\bad725c80f9e10846f35d039a996e4a8_88b6ae015495c1ecc395d19c1dd02894 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\75ca58072b9926f763a91f0cc2798706_645bc4a49dcdc40fe5917fa45c6d4517 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\83d863f495e7d991917b3abb3e1eb382_4d9c2c5e642faf6fa3b8098ab3241ef2 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\bad725c80f9e10846f35d039a996e4a8_88b6ae015495c1ecc395d19c1dd02894 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserName
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Keyboard Access
  • GetKeyState
Encryption Used
  • BCryptOpenAlgorithmProvider
Network Info Queried
  • GetAdaptersInfo

Shell Command Execution

C:\Users\Nafrqedw\AppData\Local\Temp\lm32.exe
C:\Users\Nafrqedw\AppData\Local\Temp\setup.exe
"C:\Users\Nafrqedw\AppData\Local\Temp\is-NUHF8.tmp\setup.tmp" /SL5="$B025A,7406801,234496,C:\Users\Nafrqedw\AppData\Local\Temp\setup.exe"
"C:\Users\Nqfbxfoz\AppData\Local\Temp\is-LASRK.tmp\1b19d54d4424cf8fe81555b74933762a0948635d_0003088816.tmp" /SL5="$10280,2352899,780800,c:\users\user\downloads\1b19d54d4424cf8fe81555b74933762a0948635d_0003088816"
"C:\Users\Zbnvaerd\AppData\Local\Temp\is-ILSGR.tmp\76ea1b6bd2c5c4fff3f768f13ba5eafc6144692c_0005107648.tmp" /SL5="$4005E,4681174,129536,c:\users\user\downloads\76ea1b6bd2c5c4fff3f768f13ba5eafc6144692c_0005107648"
(NULL) C:\Users\Zbnvaerd\AppData\Local\Temp\is-G3TT4.tmp\AusUninst.exe FileRecovery.exe
